General
Target: JaffaCakes118_5d6fa72eca589e49427bdc78fd3d4d43
Size: 152KB
Sample: 250115-vzrwvayrft
MD5: 5d6fa72eca589e49427bdc78fd3d4d43
SHA1: 90106e17b3ba7ab4b96ff9b8fb07eb846546a961
SHA256: 8de877de85bc874a23bddfea80495266d47f1270c5a6250282a1dd65ac97936a
SHA512: e1e64af0c8dec2104a0d01aaacecaf9ccb7538e1d212f6d6033f2160fc35a1826b2e4098dc80bb7cfeb1d1e0a05940ea1033c90bb93f4287ad62ed739fc13348
SSDEEP: 3072:rDQJlTOOu2gM7NLkuvt23W6IvEqaVHAzemN+J/S:XQJlTOagK/xvEPJ/S
Static task: static1
Behavioral task: behavioral1
  Sample: JaffaCakes118_5d6fa72eca589e49427bdc78fd3d4d43.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: JaffaCakes118_5d6fa72eca589e49427bdc78fd3d4d43.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted: pony
C2:
http://tarabardian.net/forum/viewtopic.php
http://daddygohome.org/forum/viewtopic.php
payload_url:
http://3073.a.hostable.me/Z2U.exe
http://85.18.21.252/PNV3Hbi.exe
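Added example, not part of the sandbox report: a small proxy-log scanner that turns the extracted C2 gates and payload URLs into match rules. The log layout and the log lines are constructed for illustration; matching is on normalised host and path so a different port, scheme or query string does not hide a hit, and a request to the same host on another path is still surfaced for triage.

```python
"""Match HTTP proxy-log lines against the C2 gates and payload URLs extracted
from this sample's Pony config.

Added example, not part of the sandbox report.  The log format and the log
lines below are constructed for illustration.
"""
import re
from urllib.parse import urlsplit

# Indicators copied from the extracted config above.
C2_GATES = [
    "http://tarabardian.net/forum/viewtopic.php",
    "http://daddygohome.org/forum/viewtopic.php",
]
PAYLOAD_URLS = [
    "http://3073.a.hostable.me/Z2U.exe",
    "http://85.18.21.252/PNV3Hbi.exe",
]


def url_key(url):
    """Reduce a URL to (host, path): scheme, port, query and case must not
    hide a match.  A bare 'host:port' (CONNECT target) gets a scheme so
    urlsplit parses the host correctly."""
    url = url.strip()
    if "://" not in url:
        url = "http://" + url
    parts = urlsplit(url)
    return (parts.hostname or "").lower(), parts.path or "/"


GATE_KEYS = {url_key(u) for u in C2_GATES}
PAYLOAD_KEYS = {url_key(u) for u in PAYLOAD_URLS}
C2_HOSTS = {host for host, _ in GATE_KEYS | PAYLOAD_KEYS}

# Assumed log layout (constructed): "<timestamp> <client> <method> <url> <status> <bytes>"
LOG_RE = re.compile(r"^(\S+) (\S+) (GET|POST|HEAD|CONNECT) (\S+) (\d{3}) (\d+)$")


def classify(method, url):
    """Verdict for a single request, or None if it touches none of the IOCs."""
    key = url_key(url)
    if key in GATE_KEYS:
        # Pony reports stolen credentials to its gate with an HTTP POST, so a
        # POST to the exact gate path is the strongest signal.
        return "c2_gate_post" if method == "POST" else "c2_gate_contact"
    if key in PAYLOAD_KEYS:
        return "payload_download"
    if key[0] in C2_HOSTS:
        # Same host, other path (or a CONNECT tunnel): still worth triage.
        return "c2_host_contact"
    return None


def scan_log(lines):
    """Return one dict per matching line; unparsable lines are skipped."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line.rstrip("\n"))
        if not m:
            continue
        ts, client, method, url, status, size = m.groups()
        verdict = classify(method, url)
        if verdict:
            hits.append({"line": lineno, "time": ts, "client": client,
                         "verdict": verdict, "url": url, "status": int(status)})
    return hits


# Constructed sample log, not traffic from the sandbox run.
SAMPLE_LOG = [
    "2025-01-15T12:00:01Z 10.0.0.21 GET http://example.com/index.html 200 5120",
    "2025-01-15T12:00:04Z 10.0.0.21 POST http://tarabardian.net/forum/viewtopic.php 200 0",
    "2025-01-15T12:00:05Z 10.0.0.21 GET http://3073.a.hostable.me/Z2U.exe 200 81920",
    "2025-01-15T12:00:06Z 10.0.0.21 GET http://85.18.21.252:80/PNV3Hbi.exe?x=1 404 0",
    "2025-01-15T12:00:07Z 10.0.0.22 GET http://daddygohome.org/forum/index.php 200 3000",
    "2025-01-15T12:00:09Z 10.0.0.22 CONNECT daddygohome.org:443 200 0",
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"line {hit['line']}: {hit['verdict']:<18} {hit['client']} -> {hit['url']}")
```

The host-only fallback is deliberate: Pony operators reuse compromised forum hosts, so a request to `daddygohome.org` on a path other than the gate is weaker evidence than a POST to `viewtopic.php` but still worth a look, which is why the two cases get different verdicts rather than one boolean.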
Targets
Target: JaffaCakes118_5d6fa72eca589e49427bdc78fd3d4d43
- Pony family
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Unsecured Credentials: Credentials In Files: steals credentials from unsecured files.
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Suspicious use of SetThreadContext: typically seen when a process redirects the execution of a suspended thread to injected code (process hollowing); the signature records the API use, not the injection target, so confirm with the process tree and memory dumps.