General
- Target: 8aaf1711deb592b8f90ff9166baabfe2_JaffaCakes118
- Size: 34KB
- Sample: 241103-k46wfs1bjl
- MD5: 8aaf1711deb592b8f90ff9166baabfe2
- SHA1: 1cea2a6a6083880437eb08b3d67a7b20b4f81c8f
- SHA256: dbc6772cc73b52e49ce4bdb9212550980801d9feeda42ac2d1dbea750706c9f9
- SHA512: fed10a29aa8a66849c313125111794b2084a86238396a53c2424f66e5f5eb179eab2a2784adf1046e23667fb3adb62a6db2ab48f9807ddb7ffd2e935d4d694ed
- SSDEEP: 768:GtCDZgEAYVuwtb8rXMFoDTrn4LB1zaUxJ8HzglCXPPlcRYXNNIi:JTVV98rXMFoDTrnIB1zaGE4Gai
Behavioral task: behavioral1
- Sample: 8aaf1711deb592b8f90ff9166baabfe2_JaffaCakes118.exe
- Resource: win7-20240729-en

Behavioral task: behavioral2
- Sample: 8aaf1711deb592b8f90ff9166baabfe2_JaffaCakes118.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted:
- Family: pony
- Gate URL: http://198.15.101.98/pony/gate.php
Targets
- Target: 8aaf1711deb592b8f90ff9166baabfe2_JaffaCakes118
- Size: 34KB
- MD5: 8aaf1711deb592b8f90ff9166baabfe2
- SHA1: 1cea2a6a6083880437eb08b3d67a7b20b4f81c8f
- SHA256: dbc6772cc73b52e49ce4bdb9212550980801d9feeda42ac2d1dbea750706c9f9
- SHA512: fed10a29aa8a66849c313125111794b2084a86238396a53c2424f66e5f5eb179eab2a2784adf1046e23667fb3adb62a6db2ab48f9807ddb7ffd2e935d4d694ed
- SSDEEP: 768:GtCDZgEAYVuwtb8rXMFoDTrn4LB1zaUxJ8HzglCXPPlcRYXNNIi:JTVV98rXMFoDTrnIB1zaGE4Gai
Signatures:
- Pony family
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Unsecured Credentials: Credentials In Files: steals credentials from unsecured files.
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.