General

Target: 1ad01e78a0d3fbfeed6214a978832bf8_JaffaCakes118
Size: 157KB
Sample: 240701-lqa3asvake
MD5: 1ad01e78a0d3fbfeed6214a978832bf8
SHA1: bae5e41125f0c00d7f91db6722d62b19b2a316da
SHA256: faa340be50691bf0e14536b1f7e80831f07092920a857e69114ddc39904b498e
SHA512: a034fdbbca832e3ff85eaa353c7fc4301f8742cf3b696ddfcdeb858e7ba63be87ec5dec0ca4d0f86c69d36b8da569193bc63091eeefc7e81f1333b771ed15f91
SSDEEP: 3072:gm+9OQoTNF3M6C53V4LOEEHggRMdlkhpwX4qOHR:gm+RoTNFc53V4LAAg8AwXn2
Tasks

Static task: static1
Behavioral task: behavioral1
Sample: 1ad01e78a0d3fbfeed6214a978832bf8_JaffaCakes118.exe
Resource: win7-20240221-en
Malware Config

Extracted family: pony
C2 URLs:
  http://67.215.225.205:8080/forum/viewtopic.php
  http://209.59.219.88/forum/viewtopic.php
payload_url:
  http://www.drachenboot-strausberg.de/rgbykPm.exe
  http://realitycoaching.es/23sf.exe
  http://kms-anwaelte.de/mvCo.exe
Targets

Target: 1ad01e78a0d3fbfeed6214a978832bf8_JaffaCakes118 (same file and hashes as listed under General)
Signatures:
  Accesses Microsoft Outlook accounts
  Accesses Microsoft Outlook profiles
  Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
  Suspicious use of SetThreadContext