General
-
Target
JaffaCakes118_06e6d98b9320d3c40b99334926a99753
-
Size
160KB
-
Sample
250121-x38d4syjgr
-
MD5
06e6d98b9320d3c40b99334926a99753
-
SHA1
5fd3771bf3e3ecad7491ff5c3e77f232a1dd9d4a
-
SHA256
533ec7e960c65f29d22736a5fda276e533dd736141225d04743f60c8ecf3700e
-
SHA512
1065fd7e7d37f565f094405a8859214c9b355e82dcb37eb6432d9b5e103ebc31ac65528aa4f2fd12ad045897cfbef93ec85935c2ea9d58604f7a6dc03aaab155
-
SSDEEP
3072:xHhte6coooe1QJ9dQxQqZzFYYiYYrLlqhSesJyCrwEq:xHZsot9dkQezFYYCLluSesbrBq
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_06e6d98b9320d3c40b99334926a99753.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
JaffaCakes118_06e6d98b9320d3c40b99334926a99753.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
pony
http://akamaifilms.com:81/pony/gate.php
http://alliedtitanium.com:81/pony/gate.php
-
payload_url
http://eltonzawadka.ogicom.pl/1CE8Y.exe
http://csmju.jowave.com/fusX.exe
http://aos.za.com/6f3.exe
Targets
-
-
Target
JaffaCakes118_06e6d98b9320d3c40b99334926a99753
-
Pony family
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-