General
  Target: 8fe216fd017aae4eef639e4531644e6b_JaffaCakes118
  Size: 102KB
  Sample: 241104-h69n1sxepl
  MD5: 8fe216fd017aae4eef639e4531644e6b
  SHA1: a2c5a3231761748613bf50e4d65ed0e6b129bdbc
  SHA256: 9470093d0bc54705d27187b41a1d54a6d1872db2ed84a6095a549c312d3d58c1
  SHA512: 282dd8e6580787e104068161efcfce82eeb717346f5358883de3d83788c23b36aa31ded778173ccc5dc5e5e9b74cf9acf2b78cdba5e6d1ba25c9e60efc975c80
  SSDEEP: 3072:ztPB0vuB8o1EVxEPM6bVa+GAgqc/a0IylW:zkvuBVCnEPpa+GAgqcyqlW

Static task
  static1

Behavioral task
  behavioral1
  Sample: 8fe216fd017aae4eef639e4531644e6b_JaffaCakes118.exe
  Resource: win7-20240903-en

Behavioral task
  behavioral2
  Sample: 8fe216fd017aae4eef639e4531644e6b_JaffaCakes118.exe
  Resource: win10v2004-20241007-en

Malware Config
  Extracted
    pony
    http://115.47.49.181/xSZ64Wiax/ojXVZBxRQVfp6gAUziCGnB8V7Aikbs0Z.php
Targets
  Target: 8fe216fd017aae4eef639e4531644e6b_JaffaCakes118
  Size: 102KB
  MD5: 8fe216fd017aae4eef639e4531644e6b
  SHA1: a2c5a3231761748613bf50e4d65ed0e6b129bdbc
  SHA256: 9470093d0bc54705d27187b41a1d54a6d1872db2ed84a6095a549c312d3d58c1
  SHA512: 282dd8e6580787e104068161efcfce82eeb717346f5358883de3d83788c23b36aa31ded778173ccc5dc5e5e9b74cf9acf2b78cdba5e6d1ba25c9e60efc975c80
  SSDEEP: 3072:ztPB0vuB8o1EVxEPM6bVa+GAgqc/a0IylW:zkvuBVCnEPpa+GAgqcyqlW

  - Pony family
  - Checks computer location settings
    Looks up the country code configured in the registry, likely a geofence.
  - Deletes itself
  - Unsecured Credentials: Credentials In Files
    Steals credentials from unsecured files.
  - Accesses Microsoft Outlook accounts
  - Accesses Microsoft Outlook profiles
  - Accesses cryptocurrency files/wallets, possible credential harvesting
  - Checks installed software on the system
    Looks up Uninstall key entries in the registry to enumerate software on the system.