General
-
Target
bfd38964ce5ed7eb0298112762d73661_JaffaCakes118
-
Size
378KB
-
Sample
240404-xbrmaaff94
-
MD5
bfd38964ce5ed7eb0298112762d73661
-
SHA1
f44f6c31834a5e615b35a79e34c8396f31a440d3
-
SHA256
e3e6b0c7c76f1e07644749b4666f7c24bb9f061a9b9d0413623281d141cfa32f
-
SHA512
4883083f628d89e5a41a847df4c84983b1e6779ba7f0176a70c6ce84b7dc0867362ab2296e8bb108018599e6b14a540a46d69ad3400c8aa0a0db8ccf4fff65e2
-
SSDEEP
6144:YtojtTr+jbe26iPrJ0gDn2ykShB9uh1NeCx5CmkxIGgz2na6Ja:YtojxK3SQ0jS8LNeCx5PGgz2ah
Static task
static1
Behavioral task
behavioral1
Sample
bfd38964ce5ed7eb0298112762d73661_JaffaCakes118.exe
Resource
win7-20240221-en
Malware Config
Extracted
cryptbot
cemfyj62.top
morota06.top
-
payload_url
http://bojitn09.top/download.php?file=lv.exe
Targets
-
-
Target
bfd38964ce5ed7eb0298112762d73661_JaffaCakes118
Deletes itself
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-