General
-
Target
8ce632cfc169a1b1c9bebd0c96f88931_JaffaCakes118
-
Size
133KB
-
Sample
241103-w58xzs1bqd
-
MD5
8ce632cfc169a1b1c9bebd0c96f88931
-
SHA1
18c1de9e67d75c023d46b0e8113c12f044f513b4
-
SHA256
2d6e7f634eb2adaddd8f3e593e966a2d83aaffb49cb5b1e9713d9159776875c9
-
SHA512
d38461f3ad2b8a31dbc8a7dea1ae24390c66fa14a1e7f1cfaa7d3b3109ae1bd292ea2cc4cb4488f27a1eb2ca1fb538b516bc4a64296efa4ee8bd91fe4bebc4e3
-
SSDEEP
3072:QyW4R/iRVS0J7GDnLrpMraPWEhhX+LB/5Wp+7/49UByp:Q6R/WyjLbPT4tME7Ri
Static task
static1
Behavioral task
behavioral1
Sample
8ce632cfc169a1b1c9bebd0c96f88931_JaffaCakes118.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
8ce632cfc169a1b1c9bebd0c96f88931_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
pony
http://capitulosde.com:8080/forum/viewtopic.php
http://168.144.38.105:8080/forum/viewtopic.php
-
payload_url
http://fundepalma.org/hr5JHr1.exe
http://74.208.218.30/RngUvek.exe
http://rdquark.com/cAB.exe
http://matheusilva.com/ttmX4XF.exe
http://alispide.net/V61zmw.exe
http://docencia.cl/gUXoWb.exe
Targets
-
-
Target
8ce632cfc169a1b1c9bebd0c96f88931_JaffaCakes118
-
Size
133KB
-
MD5
8ce632cfc169a1b1c9bebd0c96f88931
-
SHA1
18c1de9e67d75c023d46b0e8113c12f044f513b4
-
SHA256
2d6e7f634eb2adaddd8f3e593e966a2d83aaffb49cb5b1e9713d9159776875c9
-
SHA512
d38461f3ad2b8a31dbc8a7dea1ae24390c66fa14a1e7f1cfaa7d3b3109ae1bd292ea2cc4cb4488f27a1eb2ca1fb538b516bc4a64296efa4ee8bd91fe4bebc4e3
-
SSDEEP
3072:QyW4R/iRVS0J7GDnLrpMraPWEhhX+LB/5Wp+7/49UByp:Q6R/WyjLbPT4tME7Ri
-
Pony family
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-