General
-
Target
2609ddad54f36b33d2ae47aa5381fcdc_JaffaCakes118
-
Size
114KB
-
Sample
240704-ygyhfsxhjc
-
MD5
2609ddad54f36b33d2ae47aa5381fcdc
-
SHA1
a4f761ea53e22d5974dd260cd9f11b7c9ed13dd2
-
SHA256
27416c75fcaabf2fd4b35549920b046c9d0185bd6502a7143548ee8e77ad387b
-
SHA512
94c7f6f5ab856d5251ca8dc7a0dd20cad33383e5b24dabfb42fa48512fd34cea183aa382fbe93e5126603071789e8522e90c152280013bf74f0a077b4a2c5f85
-
SSDEEP
3072:/XAtWYKBlVAgGXvcPlUTYHRR6moLfN922X7p9:fAoYKXVA3slU+8PX7
Static task
static1
Behavioral task
behavioral1
Sample
2609ddad54f36b33d2ae47aa5381fcdc_JaffaCakes118.exe
Resource
win7-20240508-en
Malware Config
Extracted
pony
http://etsiunjour.fr:81/pony/gate.php
http://74.91.112.151/pony/gate.php
-
payload_url
http://issaquahmartialarts.com/3DxZzEm5/AKk.exe
http://fendricklaw.com/pkchHrdt/7vtVvzK.exe
http://vysreli.com/YHrRb1xv/z9HVbbZz.exe
Targets
-
-
Target
2609ddad54f36b33d2ae47aa5381fcdc_JaffaCakes118
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-