General
Target: 42586f8cc6339a3deb8601094da039cf_JaffaCakes118
Size: 101KB
Sample: 241014-pj9ttsvfke
MD5: 42586f8cc6339a3deb8601094da039cf
SHA1: 256e7dca7a41b023b3eb36ea9f419cb82677993e
SHA256: cc4430050e894e58c93d1b1357bf5af44f384d5686a33320fa66ce6b3f6d015c
SHA512: cad66555bf85bdf92e7d7e3fe634b7644f52fe15d1a92736ee7af278f047a48ffd73597559495382fd4376b40853eb753edc68778519ca753daa3955d2c2cde7
SSDEEP: 1536:BfgpqhxaHukJ9IeNn5rab+t4//08cFM243ft8b+ui7VOePZJUrQxKyrWcI:gqhxakWUb+tu08hE+z7V5x6rQxKsD
Static task: static1
Behavioral task: behavioral1
  Sample: 42586f8cc6339a3deb8601094da039cf_JaffaCakes118.exe
  Resource: win7-20241010-en
Behavioral task: behavioral2
  Sample: 42586f8cc6339a3deb8601094da039cf_JaffaCakes118.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted
pony
http://115.47.49.181/xSZ64Wiax/ojXVZBxRQVfp6gAUziCGnB8V7Aikbs0Z.php
Targets
Target: 42586f8cc6339a3deb8601094da039cf_JaffaCakes118
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.