General
Target: 1c5a4ff2ecf7f1faf21b28e4d45668b4_JaffaCakes118
Size: 188KB
Sample: 240701-y1z6dsxcmh
MD5: 1c5a4ff2ecf7f1faf21b28e4d45668b4
SHA1: d6a7efd1333518b67d62007ac8d9b48a00f560ae
SHA256: 243c72528f3271839f0ae21863a0515776337d2a33d2b0f759de2ea6870e069b
SHA512: 13d2d820b1f4df09f9d23ab07a199e0be154846360de4e788babf478ebbd1471a40d67f4c2d42a55542f6d0f1fd5c8a6664f1971c241e5e960bd4282f497f006
SSDEEP: 3072:1RH2tlzADOxKcTHwGTCVVPbSOVoCHnrIH308R:1NwlzTzTwGmTzToArIZ
Static task: static1
Behavioral task: behavioral1
Sample: 1c5a4ff2ecf7f1faf21b28e4d45668b4_JaffaCakes118.exe
Resource: win7-20231129-en
Malware Config
Extracted
pony
http://classicmodels.at:8080/forum/viewtopic.php
http://diva-code.at:8080/forum/viewtopic.php
-
payload_url
http://creativeasylumlive.com/MGDVK1.exe
http://medplus.fr/sfR.exe
http://rtserv.co.za/9uvSc.exe
Targets
-
-
Target
1c5a4ff2ecf7f1faf21b28e4d45668b4_JaffaCakes118
-
Deletes itself
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-