General
-
Target
e25cbaf3f12e860c2ab4654d70902e67_JaffaCakes118
-
Size
630KB
-
Sample
240406-mthrzsge21
-
MD5
e25cbaf3f12e860c2ab4654d70902e67
-
SHA1
ccb92bcfd20f2dd2653d6949b8868249a9dc89ab
-
SHA256
f3c94062ec97824744849119db80e25f7ff29eb464996484f91f87d5c923e7eb
-
SHA512
0f3fb1ef18402e2af5aa01f5ab9db36b2a1e547ebf4bf8b6d69d6fa7239b4ec4c7374160c750ad9d316edc14011fe7675f2f56a49cd5ff6058eb72365af4bca6
-
SSDEEP
12288:GR/JZdzym/dZbUOEq8tftv0InEmkXwoE:GRRZdmmVZbuDlsInEVXw
Static task
static1
Behavioral task
behavioral1
Sample
e25cbaf3f12e860c2ab4654d70902e67_JaffaCakes118.exe
Resource
win7-20240221-en
Malware Config
Extracted
cryptbot
ewakyc72.top
moraiw07.top
-
payload_url
http://winfyn10.top/download.php?file=lv.exe
Targets
-
Target
e25cbaf3f12e860c2ab4654d70902e67_JaffaCakes118
-
CryptBot payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.