General
-
Target
8c6fd19f014ac76732745386c1064637_JaffaCakes118
-
Size
229KB
-
Sample
241103-t3pefs1pbq
-
MD5
8c6fd19f014ac76732745386c1064637
-
SHA1
4b80161f9ff92e5319d742fb0317da945920c181
-
SHA256
945ffe399c12635e43a8ba87689fc7a392c233e2ddbebc783a9cb63d0cac850e
-
SHA512
da1096e183be102d7b2217205bc491a617da1f39422180aa6938e8c550802c71ee7dfc28e0489f46ac4735dd37b1ae9ca0ebefc7d5e6f5b178b4a1a9611fe395
-
SSDEEP
3072:GXJibxlNFRsdPtLWgGD7+ZoKqoPRtl4r4es303I:GXE9joPtLWgGDyWoZtCxUv
Static task
static1
Behavioral task
behavioral1
Sample
8c6fd19f014ac76732745386c1064637_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
8c6fd19f014ac76732745386c1064637_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
pony
http://203.250.68.191:8080/forum/viewtopic.php
http://213.155.112.88:8080/forum/viewtopic.php
-
payload_url
http://02c8dac.netsolhost.com/6L4p.exe
http://medplus.fr/sfR.exe
http://rtserv.co.za/9uvSc.exe
Targets
-
-
Target
8c6fd19f014ac76732745386c1064637_JaffaCakes118
-
Size
229KB
-
MD5
8c6fd19f014ac76732745386c1064637
-
SHA1
4b80161f9ff92e5319d742fb0317da945920c181
-
SHA256
945ffe399c12635e43a8ba87689fc7a392c233e2ddbebc783a9cb63d0cac850e
-
SHA512
da1096e183be102d7b2217205bc491a617da1f39422180aa6938e8c550802c71ee7dfc28e0489f46ac4735dd37b1ae9ca0ebefc7d5e6f5b178b4a1a9611fe395
-
SSDEEP
3072:GXJibxlNFRsdPtLWgGD7+ZoKqoPRtl4r4es303I:GXE9joPtLWgGDyWoZtCxUv
-
Pony family
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-