General
-
Target
8a95d84b2c028c9bc2c4d5049d605764_JaffaCakes118
-
Size
99KB
-
Sample
241103-knsc5asphn
-
MD5
8a95d84b2c028c9bc2c4d5049d605764
-
SHA1
dbcc0c0153f793a199a332421f74c44ee213b47f
-
SHA256
0754727045f5bece880d60f84844593d34c931a47365bcc910cfcac3d3137dd5
-
SHA512
113cf3da80c4e6727ba74fc027225b09e21fa8fad7522406449e1d5a7d339fbb5d167624165a85a7c8929cf690aaa8760c4c42da16bd026ac336528e43a4567a
-
SSDEEP
3072:aQaGqH42XiJIhAGlvzMW7NHzRB/MVNSDbxq:leY2XiJ0l3NTR2VNm0
Static task
static1
Behavioral task
behavioral1
Sample
8a95d84b2c028c9bc2c4d5049d605764_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
8a95d84b2c028c9bc2c4d5049d605764_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
pony
http://115.47.49.181/twXEsyUTli71/k3JRL75YXw.php
Targets
-
Pony family
-
Deletes itself
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-