General
-
Target
887680e7bd7b4bd05ffe046a31717198_JaffaCakes118
-
Size
66KB
-
Sample
241102-3ppbzaygjr
-
MD5
887680e7bd7b4bd05ffe046a31717198
-
SHA1
90a6cc6a3741085c0ee763ab7959717e3a381d26
-
SHA256
82e3fbb73e16e1257ce7e1dc58b37536e3acd21d24793222b3cc7637683a6e58
-
SHA512
e9ca19881ba509908a51e98d7d5df9cc7860a1e716c25f107c7b473b3f5cddccea87c4fb271968367cb54726e807636e2739d5ffdfbb02990caeeb9d41225f2c
-
SSDEEP
768:LIJZ3K8301QQjdIBiaBac0fqdGL4LoOXP/UFGnxl1+s+qDNxjCsP80NFSf498AwP:Ia8k3IBiaB613ObksFDNJ5Su8N
Static task
static1
Behavioral task
behavioral1
Sample
887680e7bd7b4bd05ffe046a31717198_JaffaCakes118.exe
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
887680e7bd7b4bd05ffe046a31717198_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
pony
http://kioggfa.info:9135/pic/fly.php
http://jmpwjhu.info:9135/pic/fly.php
Targets
-
-
Target
887680e7bd7b4bd05ffe046a31717198_JaffaCakes118
-
Size
66KB
-
MD5
887680e7bd7b4bd05ffe046a31717198
-
SHA1
90a6cc6a3741085c0ee763ab7959717e3a381d26
-
SHA256
82e3fbb73e16e1257ce7e1dc58b37536e3acd21d24793222b3cc7637683a6e58
-
SHA512
e9ca19881ba509908a51e98d7d5df9cc7860a1e716c25f107c7b473b3f5cddccea87c4fb271968367cb54726e807636e2739d5ffdfbb02990caeeb9d41225f2c
-
SSDEEP
768:LIJZ3K8301QQjdIBiaBac0fqdGL4LoOXP/UFGnxl1+s+qDNxjCsP80NFSf498AwP:Ia8k3IBiaB613ObksFDNJ5Su8N
-
Pony family
-
Drops file in Drivers directory
-
Deletes itself
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Hide Artifacts: Hidden Files and Directories
-
Suspicious use of SetThreadContext
-