General

Target: 43c232eff25d2ab7d35bbff53f24be50_JaffaCakes118
Size: 92KB
Sample: 241014-xv8d5svgnk
MD5: 43c232eff25d2ab7d35bbff53f24be50
SHA1: 11a5b40338d1c0a33fa5c859ccdf630f403da4b8
SHA256: 4747ae5b1ab686219aaa24a992a1d02f3df4ab6093e78b2668819b0dd8c15d1d
SHA512: 888711a9f25f3966a55ee5dddb5ad019f59879adf1df9a5895d7fa3e6e3cad3c7e1f224876ef3fc48ca683022c33645100e2c19e881204c9eba744d4dfea0dbe
SSDEEP: 1536:woo22VCzCGGRD9rf6A5XcSKQvY3yQHIk8p/B5IglMwJj5STyer2Q99dkD+Fp9GFk:woKV/7xD6xRUY3Pok2/ByglMwJj5STHf
Behavioral tasks

behavioral1: sample fax_id{DIGIT[8]}.exe, resource win7-20240903-en
behavioral2: sample fax_id{DIGIT[8]}.exe, resource win10v2004-20241007-en

The sample name is as normalized by the sandbox: the eight-digit run in the original filename is replaced by the placeholder {DIGIT[8]}, so the on-disk name is fax_id followed by eight digits and .exe.
Malware Config

Extracted family: pony

C2 (gate URLs the stealer posts harvested credentials to):
http://175.118.124.53:8080/ponyb/gate.php
http://midwdermatology.com:8080/ponyb/gate.php
http://www.bobadamsinc.com:8080/ponyb/gate.php
http://www.richadamsinc.com:8080/ponyb/gate.php

payload_url (secondary executables the loader fetches and runs):
http://www.lypto.ch/K2d98Z.exe
http://giftmarketing.net/qAuX3EL.exe
http://salmonesriopuelo.cl/PGg.exe

All of the above are indicators of compromise. Pony routinely stages its gate and second-stage payloads on third-party web hosts, so alert or block on the full URL (host, port 8080, /ponyb/gate.php path, or the exact payload path) rather than on the hostname alone.
Targets

Target: fax_id{DIGIT[8]}.exe
Size: 103KB
MD5: a9c0f6b420953ef757e80991a15fdb2d
SHA1: efdc87cd12fc653d3a5cd39beb8d278b501660d0
SHA256: 0dcc398eb8ac3244b078282f787e4397a6a4db00b23716bb580b03adbc1d413e
SHA512: 737e77c391fe06e1355b4b7c07cd59a80bf22a4b6b99c03d80f7307e7fe205cf3b798d185558e04624cd4e6d1877715cb03daf126b3f21d26c35ea9b15d0a044
SSDEEP: 1536:kxUvwF/rDM/RlPnWUb/HodA3fXVQLkfIbMjXjXIXFuvU8b/I57pfMWd6kAh:kxos/E/vnWW/odA3f2LkfIbuZIUWd6

Note that the submitted object in the General section (92KB) and the executable run in the behavioral tasks (103KB) are different files with different hashes; carry both hash sets into any IOC list.
Signatures

Unsecured Credentials: Credentials In Files (MITRE ATT&CK T1552.001)
Steals credentials from unsecured files.

Accesses Microsoft Outlook accounts

Accesses Microsoft Outlook profiles
Outlook stores profile and account settings under HKCU\Software\Microsoft\Office\<version>\Outlook\Profiles and, for older versions, under HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles; reads of these keys by a process that is not Outlook itself are the behaviour this signature covers.

Checks installed software on the system
Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, and HKLM\SOFTWARE\WOW6432Node\...\Uninstall for 32-bit applications on 64-bit Windows) to enumerate software on the system. Pony does this to find which browsers, mail and FTP clients are present so it knows which credential stores to target.
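The two registry behaviours in the signatures above are individually common in benign software (installers inventory the Uninstall key, Outlook reads its own profiles), so a useful detection correlates them per process. The following is an added example for this page, not code from the sandbox or from the malware: it parses registry-access events in a constructed line format (the format and the sample events are assumptions; the registry paths are the real Windows locations) and flags processes that both enumerate several Uninstall subkeys and touch Outlook profile keys. The threshold of three distinct subkeys is an arbitrary choice for illustration.

```python
"""Correlate registry-access events into the two behaviours the sandbox
signatures describe (software enumeration via the Uninstall key and access
to Outlook profiles) and flag processes that show both.
Added example; the event line format is a constructed assumption."""
import re
from collections import defaultdict

# Constructed sample events (not a real EDR or Sysmon schema). Three processes:
# the Pony sample, an installer that only inventories software, and Outlook itself.
SAMPLE_LOG = r"""
pid=1337 image=fax_id12345678.exe op=RegOpenKey path=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
pid=1337 image=fax_id12345678.exe op=RegEnumKey path=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleApp
pid=1337 image=fax_id12345678.exe op=RegEnumKey path=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleBrowser
pid=1337 image=fax_id12345678.exe op=RegEnumKey path=HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ExampleFtpClient
pid=1337 image=fax_id12345678.exe op=RegOpenKey path=HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
pid=1337 image=fax_id12345678.exe op=RegQueryValue path=HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\Email
pid=2048 image=msiexec.exe op=RegEnumKey path=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleApp
pid=2048 image=msiexec.exe op=RegEnumKey path=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleBrowser
pid=2048 image=msiexec.exe op=RegEnumKey path=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleFtpClient
pid=3001 image=OUTLOOK.EXE op=RegQueryValue path=HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\Email
"""

# One event per line; the path is last because it may contain spaces ("Windows NT").
LINE_RE = re.compile(r"^pid=(?P<pid>\d+) image=(?P<image>\S+) op=(?P<op>\S+) path=(?P<path>.+)$")

# Per-application Uninstall subkeys; 32-bit apps on 64-bit Windows live under WOW6432Node.
UNINSTALL_SUBKEY = re.compile(
    r"^HKLM\\SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\\([^\\]+)",
    re.IGNORECASE,
)
# Outlook profile stores: the Office 2013+ location and the legacy Windows Messaging Subsystem location.
OUTLOOK_PROFILE = re.compile(
    r"^HKCU\\Software\\Microsoft\\(?:Office\\\d+\.\d+\\Outlook\\Profiles|"
    r"Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles)\\",
    re.IGNORECASE,
)

UNINSTALL_THRESHOLD = 3  # distinct Uninstall subkeys before we call it "enumeration" (assumed value)


def parse_events(log_text):
    """Yield (pid, image, op, path) tuples; blank or malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m["pid"], m["image"], m["op"], m["path"]


def summarize(log_text):
    """Per (pid, image): the set of distinct Uninstall subkeys touched and the
    number of Outlook profile key accesses."""
    stats = defaultdict(lambda: {"uninstall_subkeys": set(), "outlook_hits": 0})
    for pid, image, _op, path in parse_events(log_text):
        entry = stats[(pid, image)]
        m = UNINSTALL_SUBKEY.match(path)
        if m:
            entry["uninstall_subkeys"].add(m.group(1).lower())
        if OUTLOOK_PROFILE.match(path):
            entry["outlook_hits"] += 1
    return stats


def flag_credential_stealers(log_text, threshold=UNINSTALL_THRESHOLD):
    """Return a sorted list of 'pid:image' for processes that both enumerate the
    Uninstall key and read Outlook profiles. Either behaviour alone is normal
    for installers or Outlook; requiring both is what removes those false positives."""
    hits = []
    for (pid, image), s in summarize(log_text).items():
        if len(s["uninstall_subkeys"]) >= threshold and s["outlook_hits"] > 0:
            hits.append(f"{pid}:{image}")
    return sorted(hits)


if __name__ == "__main__":
    for key, s in summarize(SAMPLE_LOG).items():
        print(key, "uninstall subkeys:", len(s["uninstall_subkeys"]), "outlook hits:", s["outlook_hits"])
    print("flagged:", flag_credential_stealers(SAMPLE_LOG))
```

On the constructed events only the sample process is flagged: msiexec.exe enumerates the same three Uninstall subkeys but never touches a profile key, and OUTLOOK.EXE reads its profile but does no inventory. In a real deployment the events would come from a source that records registry reads (EDR telemetry or Windows object-access auditing with a SACL on the profile keys); Sysmon alone does not log key opens or value reads.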