General
Target: ff0a0fb60f802d18b357b8b3506909de_JaffaCakes118
Size: 586KB
Sample: 240421-l6ltqsge59
MD5: ff0a0fb60f802d18b357b8b3506909de
SHA1: 7ea1041d0287adcfe5189fcc6f84cb449220647c
SHA256: 21a27023f4316ff356a2ff7d5c8ef5431d65217da4496820d8865666fe8cd11e
SHA512: 377523a9a7b72bc03c2d40e71f27055ae89490ad776972eb8894469b395e4291c50ac951bf288d84d0e3ecdd9fc4c92976c8a7a2e37801dc5a99d9ab9542bbbe
SSDEEP: 12288:2XoxQ9UJJrIU9/wL6Zzil5DtDELVsLffMjiOc5ogA5bssQ:2uQ98TJFuZsVsLkmVodJss
Static task: static1
Behavioral task: behavioral1
Sample: ff0a0fb60f802d18b357b8b3506909de_JaffaCakes118.exe
Resource: win7-20240215-en
Malware Config
Extracted
cryptbot
ewayab32.top
morxeg03.top
payload_url: http://winxob04.top/download.php?file=lv.exe
Targets
Target: ff0a0fb60f802d18b357b8b3506909de_JaffaCakes118
CryptBot payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.