General
-
Target
fb90727bc2963c905fb7c58186117a3f_JaffaCakes118
-
Size
164KB
-
Sample
241218-pterfayqds
-
MD5
fb90727bc2963c905fb7c58186117a3f
-
SHA1
51fd33dad0d52c452ab8f53aadf3f1e31f73e099
-
SHA256
e5031142a1cbd692d2d52fd56303e546515f052998f8c511aae2a5df8d70bfa3
-
SHA512
6cdffc55195c5dd89347c699cb38daa23d86eed91d0873a956a0af81ef39c5cb9f1d59c3126f67062744e9a229406a6b4a5007e5b80803bb91fa8acd6e169323
-
SSDEEP
3072:xoAyE5h6acBF18N5aSaJkr+mVOTaIMBf0Ln/UXgVhcZOLFeOm:xByE5caYSN5aTJkqmVOOeLncXgjm
Static task
static1
Behavioral task
behavioral1
Sample
fb90727bc2963c905fb7c58186117a3f_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
fb90727bc2963c905fb7c58186117a3f_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
pony
http://149.255.99.32:8080/forum/viewtopic.php
http://69.163.40.128/forum/viewtopic.php
-
payload_url
http://realitycoaching.es/pm3Wi2bw.exe
http://www.10130138.wavelearn.de/o2DtCsW.exe
http://xmacorporation.com/ajaxam.js/7Gg10T4.exe
Targets
-
-
Target
fb90727bc2963c905fb7c58186117a3f_JaffaCakes118
-
Size
164KB
-
MD5
fb90727bc2963c905fb7c58186117a3f
-
SHA1
51fd33dad0d52c452ab8f53aadf3f1e31f73e099
-
SHA256
e5031142a1cbd692d2d52fd56303e546515f052998f8c511aae2a5df8d70bfa3
-
SHA512
6cdffc55195c5dd89347c699cb38daa23d86eed91d0873a956a0af81ef39c5cb9f1d59c3126f67062744e9a229406a6b4a5007e5b80803bb91fa8acd6e169323
-
SSDEEP
3072:xoAyE5h6acBF18N5aSaJkr+mVOTaIMBf0Ln/UXgVhcZOLFeOm:xByE5caYSN5aTJkqmVOOeLncXgjm
-
Pony family
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-