General

Target: JaffaCakes118_ae0101cb8e653256741d22411dc89f74
Size: 161KB
Sample: 250118-taflvaykdj
MD5: ae0101cb8e653256741d22411dc89f74
SHA1: c392c311dd73941d65b0dbc8025d2e69195f16a1
SHA256: 9f435d42422aaaf4b24496820fd02c7f10475c02cc51e95f6df670990cafbe04
SHA512: f61e7ae53f907ec06b35d3d770722bed160245f69cc431b96af0ccdaa67568c3598047c7830b1a0fa5beb0924051a38cd71ba0affbdf858a7a0e5c57dcbb1da6
SSDEEP: 3072:8VNG9/bF9s/QUqto8otUPC8cW/y3n9eCh5KG:8VNG9ZyIUqtofYHwn5F
Static task: static1

Behavioral task: behavioral1
Sample: JaffaCakes118_ae0101cb8e653256741d22411dc89f74.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: JaffaCakes118_ae0101cb8e653256741d22411dc89f74.exe
Resource: win10v2004-20241007-en
Malware Config

Extracted family: pony
C2:
http://spv.bagraphix.com/forum/viewtopic.php
http://spv.ktzataheret.com/forum/viewtopic.php
payload_url:
http://3073.a.hostable.me/Z2U.exe
http://85.18.21.252/PNV3Hbi.exe
Targets

Target: JaffaCakes118_ae0101cb8e653256741d22411dc89f74
Size: 161KB
MD5: ae0101cb8e653256741d22411dc89f74
SHA1: c392c311dd73941d65b0dbc8025d2e69195f16a1
SHA256: 9f435d42422aaaf4b24496820fd02c7f10475c02cc51e95f6df670990cafbe04
SHA512: f61e7ae53f907ec06b35d3d770722bed160245f69cc431b96af0ccdaa67568c3598047c7830b1a0fa5beb0924051a38cd71ba0affbdf858a7a0e5c57dcbb1da6
SSDEEP: 3072:8VNG9/bF9s/QUqto8otUPC8cW/y3n9eCh5KG:8VNG9ZyIUqtofYHwn5F

Signatures
Pony family
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Deletes itself
Unsecured Credentials: Credentials In Files: steals credentials from unsecured files.
Accesses Microsoft Outlook accounts
Accesses Microsoft Outlook profiles
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext