General
- Target: 1b6cdd5708cec275f242f35e24d7ed5e_JaffaCakes118
- Size: 157KB
- Sample: 240701-qephrswhrl
- MD5: 1b6cdd5708cec275f242f35e24d7ed5e
- SHA1: a2cacb469f5557f1ca3f9d19e820f7caf528628e
- SHA256: 7bf0e97bcfef53d3e670c99b9274ff44e7804241f13264fc50e68e66bbd172d9
- SHA512: 74f76855535e2ca647f74a804233c2234f77d034fc3f95b37660450a0498ccdb70eeb726b34323bf8f087bb6f93a4901f3a33b8b351fa2323acfd6f3068fecd3
- SSDEEP: 3072:gm8oEBOzTNFnOzQX3pxznIndEMe+B23ZR:gm8qzTNFOzQHpx0dIp3Z

Static task: static1

Behavioral task: behavioral1
- Sample: 1b6cdd5708cec275f242f35e24d7ed5e_JaffaCakes118.exe
- Resource: win7-20240508-en

Malware Config
Extracted: pony
- http://67.215.225.205:8080/forum/viewtopic.php
- http://209.59.219.88/forum/viewtopic.php
- payload_url:
  - http://www.chandlerbacker.com/J9K.exe
  - http://bobinlaminasyonmakinalari.com/o9RYHbCx.exe
  - http://broadbentcompany.wsisrdev.com/KbGb.exe

Targets
- Target: 1b6cdd5708cec275f242f35e24d7ed5e_JaffaCakes118
- Size: 157KB
- MD5: 1b6cdd5708cec275f242f35e24d7ed5e
- SHA1: a2cacb469f5557f1ca3f9d19e820f7caf528628e
- SHA256: 7bf0e97bcfef53d3e670c99b9274ff44e7804241f13264fc50e68e66bbd172d9
- SHA512: 74f76855535e2ca647f74a804233c2234f77d034fc3f95b37660450a0498ccdb70eeb726b34323bf8f087bb6f93a4901f3a33b8b351fa2323acfd6f3068fecd3
- SSDEEP: 3072:gm8oEBOzTNFnOzQX3pxznIndEMe+B23ZR:gm8qzTNFOzQHpx0dIp3Z

Signatures
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext