General
-
Target
1d32a671114398ba25419de64832517f_JaffaCakes118
-
Size
128KB
-
Sample
240702-bdakws1apb
-
MD5
1d32a671114398ba25419de64832517f
-
SHA1
8f1c13547abec968bf912d8c6de6f9e68d600a81
-
SHA256
987434d4de5d24bb48124e6f0d37504ba66f159269e1627eeb116815697bae60
-
SHA512
36bcee280266d265fffb3e17e302799a8eef4707be8ffdc627045ebe36561a3dae245d6233316b02d51e3a42da5ad44e46341ab4d4f76a3d9139a8980505a1f2
-
SSDEEP
3072:uGHi6mwIZeZWsHDXVjMveyYshh5v28zdfBeSg:+3ZPsHDXV1shf28ztr
Static task
static1
Behavioral task
behavioral1
Sample
1d32a671114398ba25419de64832517f_JaffaCakes118.exe
Resource
win7-20240419-en
Malware Config
Extracted
pony
http://67.215.225.205:8080/forum/viewtopic.php
http://216.231.139.111/forum/viewtopic.php
-
payload_url
http://realitycoaching.es/pm3Wi2bw.exe
http://xmacorporation.com/ajaxam.js/7Gg10T4.exe
Targets
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext