General

Target: f9af548e2c4d65420221d5885ed92a47_JaffaCakes118
Size: 99KB
Sample: 241218-cj3z3azjck
MD5: f9af548e2c4d65420221d5885ed92a47
SHA1: 6b75c426da781cc370d83a10fb83b94277cf2d94
SHA256: 48459a24a4b40dd6516adc23d8118c9f50bfa322413729fd2fdf7759f1a9f8cf
SHA512: 6a958ceafaab855ce00182febc750a9b03decb944c75411e94a4e0ed0a4741e2dbcfcb371deb62a07412aef571b8a91f438585bc3499bb61a8d2846213e6b5bf
SSDEEP: 3072:lS1CNNOcVtbfID70pbjrxwD7e6ibEkz7:8CNoQbfID7II7e6ibb
Static task: static1

Behavioral task: behavioral1
  Sample: f9af548e2c4d65420221d5885ed92a47_JaffaCakes118.exe
  Resource: win7-20240903-en

Behavioral task: behavioral2
  Sample: f9af548e2c4d65420221d5885ed92a47_JaffaCakes118.exe
  Resource: win10v2004-20241007-en
Malware Config

Extracted
Family: pony
C2: http://115.47.49.181/xSZ64Wiax/ojXVZBxRQVfp6gAUziCGnB8V7Aikbs0Z.php
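The extracted C2 gives three things to act on: a bare IP (so there is no DNS resolution to hunt for, only flows and proxy requests), the gate path itself, and the directory that path lives in, where sibling gates of the same operator tend to sit. The following Python is an added example, not sandbox output and not part of the report; the proxy log lines and their one-line format are constructed, and the statement that Pony submits harvested credentials to its gate with an HTTP POST comes from general knowledge of the family rather than from this report.

```python
"""Turn the extracted Pony C2 URL into network IOCs and grade proxy log
lines against them.  Added example; the log format below is constructed."""
import ipaddress
import re
from urllib.parse import urlsplit

# C2 URL exactly as extracted by the sandbox in the report above.
C2_URL = "http://115.47.49.181/xSZ64Wiax/ojXVZBxRQVfp6gAUziCGnB8V7Aikbs0Z.php"


def c2_indicators(url: str) -> dict:
    """Split a C2 URL into the pieces you would block or hunt for."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    try:
        ipaddress.ip_address(host)
        host_kind = "ip"          # no DNS lookup to hunt for; watch flows instead
    except ValueError:
        host_kind = "domain"
    port = parts.port or (443 if parts.scheme == "https" else 80)
    gate_dir = parts.path.rsplit("/", 1)[0] + "/"
    return {
        "scheme": parts.scheme,
        "host": host,
        "host_kind": host_kind,
        "port": port,
        "path": parts.path,
        "gate_dir": gate_dir,     # sibling gates usually live in the same directory
    }


# Constructed proxy log: "<timestamp> <client> <method> <url> <status> <bytes>".
# This is NOT a format from the report; adjust LOG_RE for your own proxy.
SAMPLE_PROXY_LOG = [
    "2024-12-18T09:14:02Z 10.0.0.5 POST http://115.47.49.181/xSZ64Wiax/ojXVZBxRQVfp6gAUziCGnB8V7Aikbs0Z.php 200 1874",
    "2024-12-18T09:14:05Z 10.0.0.5 GET http://www.example.com/index.html 200 512",
    "2024-12-18T09:15:11Z 10.0.0.9 GET http://115.47.49.181/xSZ64Wiax/ 404 0",
    "2024-12-18T09:16:40Z 10.0.0.12 GET http://115.47.49.181/other/page.php 200 300",
    "malformed line that the parser must skip",
]
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3}) (?P<bytes>\d+)$"
)


def match_c2(lines, ioc: dict) -> list:
    """Return one hit per log line that touches the C2 host, graded by how
    closely the request matches the extracted gate URL."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                       # unparsable line: skip, do not guess
        u = urlsplit(m["url"])
        if (u.hostname or "") != ioc["host"]:
            continue
        if u.path == ioc["path"]:
            reason = "exact gate"
        elif u.path.startswith(ioc["gate_dir"]):
            reason = "same gate directory"
        else:
            reason = "same host"
        hits.append({
            "ts": m["ts"],
            "src": m["src"],
            "method": m["method"],
            "reason": reason,
            # Pony submits harvested credentials with an HTTP POST to its gate,
            # so a POST to the exact gate path is the strongest exfil indicator.
            "exfil_suspected": m["method"] == "POST" and reason == "exact gate",
        })
    return hits


if __name__ == "__main__":
    ioc = c2_indicators(C2_URL)
    for hit in match_c2(SAMPLE_PROXY_LOG, ioc):
        print(hit)
```

The grading matters more than the host match alone: a GET to the same IP on an unrelated path is worth a look, but a POST from a client to the exact gate path is the request that carried the stolen credentials, and that client is the one to pull for the Outlook and wallet artifacts the signatures below describe.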
Targets

Target: f9af548e2c4d65420221d5885ed92a47_JaffaCakes118
Signatures:

- Pony family
- Checks computer location settings: reads the country code configured in the registry, likely to geofence execution.
- Deletes itself
- Unsecured Credentials: Credentials In Files (MITRE ATT&CK T1552.001): steals credentials from unsecured files.
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the host.
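Most of the behavioral signatures above are registry and file reads, which is how they would also show up in a Procmon capture or an EDR registry telemetry feed. The Python below is an added example, not part of the report and not Triage's own signature logic: it maps constructed Procmon-style events (process, operation, path) onto the signature names used here and then aggregates per process. Only the Uninstall key is named by the report; the Geo\Nation, Windows Messaging Subsystem, Office Outlook profile/account subkey and wallet.dat paths are assumptions about which locations each signature covers, and every event is constructed.

```python
"""Map Procmon-style registry and file activity to the behavioral signatures
listed in the report.  Added example with constructed events; the key paths
other than the Uninstall key are assumptions about what each signature covers."""
import re
from collections import defaultdict

# Signature name -> path patterns (case-insensitive search).
SIGNATURE_PATTERNS = {
    # Report: "looks up country code configured in the registry" (assumed key: Geo\Nation)
    "Checks computer location settings": [
        r"\\Control Panel\\International\\Geo(\\|$)",
    ],
    # Report: "looks up Uninstall key entries in the registry"
    "Checks installed software on the system": [
        r"\\CurrentVersion\\Uninstall(\\|$)",
    ],
    # Assumed: MAPI profile stores used by Outlook
    "Accesses Microsoft Outlook profiles": [
        r"\\Windows Messaging Subsystem\\Profiles(\\|$)",
        r"\\Office\\\d+\.\d+\\Outlook\\Profiles(\\|$)",
    ],
    # Assumed: the per-account subkey GUID beneath an Outlook profile
    "Accesses Microsoft Outlook accounts": [
        r"\\9375CFF0413111d3B88A00104B2A6676(\\|$)",
    ],
    # Assumed: Bitcoin Core style wallet file
    "Accesses cryptocurrency files/wallets, possible credential harvesting": [
        r"\\wallet\.dat$",
    ],
}
COMPILED = {sig: [re.compile(p, re.IGNORECASE) for p in pats]
            for sig, pats in SIGNATURE_PATTERNS.items()}

# Only read/enumerate style operations count as "accesses"/"checks"; an
# installer writing its own Uninstall entry (RegSetValue) must not fire.
ACCESS_OPS = {"RegOpenKey", "RegQueryKey", "RegQueryValue", "RegEnumKey",
              "RegEnumValue", "CreateFile", "ReadFile"}

# Constructed events in the shape of a Procmon export: (process, operation, path).
SAMPLE_EVENTS = [
    ("sample.exe", "RegQueryValue", r"HKCU\Control Panel\International\Geo\Nation"),
    ("sample.exe", "RegOpenKey", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    ("sample.exe", "RegEnumKey", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    ("sample.exe", "RegQueryValue", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName"),
    ("sample.exe", "RegOpenKey", r"HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook"),
    ("sample.exe", "RegQueryValue", r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\Email"),
    ("sample.exe", "CreateFile", r"C:\Users\user\AppData\Roaming\Bitcoin\wallet.dat"),
    ("explorer.exe", "RegQueryValue", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden"),
    ("msiexec.exe", "RegOpenKey", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12345678-0000-0000-0000-000000000000}"),
    ("setup.exe", "RegSetValue", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyApp\DisplayName"),
]


def classify_events(events):
    """Return {signature: [events that triggered it]}."""
    hits = defaultdict(list)
    for proc, op, path in events:
        if op not in ACCESS_OPS:
            continue
        for sig, pats in COMPILED.items():
            if any(p.search(path) for p in pats):
                hits[sig].append((proc, op, path))
    return dict(hits)


def signatures_by_process(events):
    """Return {process: sorted list of distinct signatures it triggered}.
    One signature alone (e.g. msiexec reading Uninstall) is routine; a single
    process hitting geolocation, software inventory, mail profiles and a
    wallet file together is the profile the report describes."""
    per = defaultdict(set)
    for sig, evs in classify_events(events).items():
        for proc, _, _ in evs:
            per[proc].add(sig)
    return {proc: sorted(sigs) for proc, sigs in per.items()}


if __name__ == "__main__":
    for proc, sigs in signatures_by_process(SAMPLE_EVENTS).items():
        print(f"{proc}: {len(sigs)} signature(s)")
        for s in sigs:
            print("   ", s)
```

The per-process aggregation is the practical check. Each signature on its own has benign sources (installers and inventory agents enumerate Uninstall, Outlook itself reads its profiles), so alerting on one key is noisy; a process that reads the location key, walks Uninstall, opens mail profiles and touches a wallet file in one short run is the combination worth escalating, and the self-deletion in the signature list means the binary may already be gone by the time you look, so capture the telemetry rather than the file.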