General

Target: JaffaCakes118_a86421991263283ccd867353017bbf89
Size: 152KB
Sample: 250118-ngjdes1rbs
MD5: a86421991263283ccd867353017bbf89
SHA1: a13dddce633c30ddc0f4aae476d7055c5fa13d92
SHA256: 3544c986ce4c11e4658b52dc013953460b2d935d6e5d76bbd0cf046d2ae478ec
SHA512: b2b60ae6d9c1c256965658c92b1081f6e72aab78a1a25c1aa99666b86497cb85481517a67939aaa82d69168ea090cfe1c6f0f5f123d078465efb65988e4732d0
SSDEEP: 3072:KRZDpCnOOMaPC39ooI7z/P5G6pcFwn1l2EQ0vqpYbb1gbu:KRFpCnOOhCW7f/Jp+S1lfz9gbu
Static task: static1

Behavioral task: behavioral1
  Sample: JaffaCakes118_a86421991263283ccd867353017bbf89.exe
  Resource: win7-20240903-en

Behavioral task: behavioral2
  Sample: JaffaCakes118_a86421991263283ccd867353017bbf89.exe
  Resource: win10v2004-20241007-en
Malware Config

Extracted family: pony

C2 URLs (the gate the stealer reports to):
  http://1.aliciatappdesigns.net/forum/viewtopic.php
  http://1.aliciatappdesigns.org/forum/viewtopic.php

payload_url (additional executables the Pony loader downloads and runs):
  http://3073.a.hostable.me/Z2U.exe
  http://85.18.21.252/PNV3Hbi.exe
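The extracted URLs are the most directly actionable part of this report: they can be swept against proxy or DNS logs for hosts that reached the gate or fetched a secondary payload. The following is an added example, not part of the sandbox report or of any Pony tooling. Only the four URLs are taken from the report; the log line format (timestamp, client IP, method, URL, status), the SAMPLE_LOG lines and the function names (`url_key`, `classify`, `sweep`) are constructed for illustration. It matches on normalised host + path so that a different port or an appended query string still hits, and falls back to a looser host-only match for traffic to the same infrastructure on another path.

```python
"""Sweep HTTP proxy log lines for the Pony C2 and payload URLs listed in the
Malware Config section above.

Added example, not part of the sandbox report. The log line format and
SAMPLE_LOG are constructed for illustration; only the IOC URLs are taken from
the report.
"""
import re
from urllib.parse import urlparse

# Indicators copied from the report's Malware Config section.
PONY_C2_URLS = [
    "http://1.aliciatappdesigns.net/forum/viewtopic.php",
    "http://1.aliciatappdesigns.org/forum/viewtopic.php",
]
PONY_PAYLOAD_URLS = [
    "http://3073.a.hostable.me/Z2U.exe",
    "http://85.18.21.252/PNV3Hbi.exe",
]


def url_key(url):
    """Normalise a URL to (lowercase host, path), dropping scheme, port and
    query string so that trivial variations still match. Returns None when
    there is no host to match on."""
    parsed = urlparse(url)
    if not parsed.hostname:
        return None
    return parsed.hostname.lower(), parsed.path or "/"


# Exact host+path matches, plus a looser host-only index for traffic to the
# same infrastructure on a different path.
URL_INDEX = {url_key(u): "pony_c2" for u in PONY_C2_URLS}
URL_INDEX.update({url_key(u): "pony_payload" for u in PONY_PAYLOAD_URLS})
HOST_INDEX = {host: tag for (host, _path), tag in URL_INDEX.items()}

# Hypothetical log format: "<iso-timestamp> <client-ip> <method> <url> <status>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def classify(line):
    """Return a hit dict for a log line touching one of the IOCs, else None.
    'match' is 'url' for an exact host+path hit and 'host' for the looser
    host-only hit."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None  # unparseable line: skip rather than guess
    key = url_key(m["url"])
    if key is None:
        return None
    host, _path = key
    tag, match = URL_INDEX.get(key), "url"
    if tag is None:
        tag, match = HOST_INDEX.get(host), "host"
    if tag is None:
        return None
    return {
        "ts": m["ts"],
        "client": m["client"],
        "method": m["method"],
        "url": m["url"],
        "ioc": tag,
        "match": match,
    }


def sweep(lines):
    """Run classify() over an iterable of log lines and keep the hits."""
    return [hit for hit in map(classify, lines) if hit is not None]


# Constructed sample lines: one clean request, a POST to a Pony gate, two
# payload downloads (one with a port and query string appended), a request to
# a C2 host on a different path, and an unparseable line.
SAMPLE_LOG = [
    "2025-01-18T10:00:01Z 10.0.0.12 GET http://www.example.com/index.html 200",
    "2025-01-18T10:00:07Z 10.0.0.12 POST http://1.aliciatappdesigns.net/forum/viewtopic.php 200",
    "2025-01-18T10:00:08Z 10.0.0.12 GET http://3073.a.hostable.me/Z2U.exe 200",
    "2025-01-18T10:00:09Z 10.0.0.12 GET http://85.18.21.252:80/PNV3Hbi.exe?v=2 404",
    "2025-01-18T10:00:15Z 10.0.0.44 GET http://1.aliciatappdesigns.org/forum/index.php 200",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for hit in sweep(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['client']} {hit['ioc']} ({hit['match']}) "
              f"{hit['method']} {hit['url']}")
```

A 404 on a payload URL is still reported, since the attempt itself shows the loader ran on that client. The host-only tier deliberately does not match the bare parent domain (aliciatappdesigns.net without the leading label), because the report only establishes the specific hosts; widen it only after checking what else resolves under that domain.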
Targets

Target: JaffaCakes118_a86421991263283ccd867353017bbf89 (152KB, MD5 a86421991263283ccd867353017bbf89; same sample and hashes as listed under General above)

Signatures:
- Pony family (credential stealer and downloader, also tracked as Fareit)
- Checks computer location settings: reads the country code configured in the registry, likely a geofence check.
- Deletes itself
- Unsecured Credentials: Credentials In Files (ATT&CK T1552.001): steals credentials from unsecured files.
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: enumerates Uninstall key entries in the registry to list installed software.
- Suspicious use of SetThreadContext (commonly seen with process hollowing and thread-context injection)