General
Target: bb681cfd66e9dc91930f20e41939b53b_JaffaCakes118
Size: 115KB
Sample: 241203-denj9asmem
MD5: bb681cfd66e9dc91930f20e41939b53b
SHA1: 593d91d23f4f06addec647a8c6ac074b1ccc0fad
SHA256: 595e4e0b7303de12d579d6c6491dd73f0de4d16d1ea912ca88e6c9b3b47e26ae
SHA512: 4f4681a80830aa8bddc30c70c377e4476e59bfe9b3939ffd211ad5ac569ff4fb060fd07c2d98f7a801abba65117d7a4665f6e08432e254e100b6c7cf2799e2f0
SSDEEP: 3072:a5Y0Prv1m7OXFz8g5F7zKw97iGUkClPTxsq6e:ov11Vz8g5797KkmxN
Static task: static1
Behavioral task: behavioral1
Sample: bb681cfd66e9dc91930f20e41939b53b_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: bb681cfd66e9dc91930f20e41939b53b_JaffaCakes118.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted: pony
http://applicationforce.com/forum/viewtopic.php
http://decinter.com/forum/viewtopic.php
http://decinteractive.com/forum/viewtopic.php
http://listingforce.net/forum/viewtopic.php
payload_url:
http://globaldoesitall.com/hPr0.exe
http://ftp.lmcg.lu/tAx.exe
http://derricoassociati.it/rjrtYyw5.exe
http://9ain.net/easm1.exe
Targets
Target: bb681cfd66e9dc91930f20e41939b53b_JaffaCakes118
Pony family
Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
Accesses Microsoft Outlook accounts
Accesses Microsoft Outlook profiles
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.