General
-
Target
26eec7f89b98e56bf28db7c9add39a6f_JaffaCakes118
-
Size
129KB
-
Sample
240705-qcva8s1fjc
-
MD5
26eec7f89b98e56bf28db7c9add39a6f
-
SHA1
45ee2b07145d2b714c48f6f5b966d16823dd4b35
-
SHA256
16ffd86b1b1ecad010a3aff298c9ce2cb6585318c6feecb9ce98de5886a07714
-
SHA512
15ac115691b9d91f85c9b30ed60487e13c16c0fea6c7dfb0c74fcc7f7ce94d41fceef7f598e452073bb67a50aa7637c3d35db9b2938ca46a678f27b055999caf
-
SSDEEP
1536:UUBiFqtXmPmgC9B2lciLKuIHe9J46geNIvB3Qo+OB6FLsjL7k3JhYxYYG0L1UldF:UOn16mg2olbvdY1ZvpQxOAJhcf0E
Static task
static1
Behavioral task
behavioral1
Sample
26eec7f89b98e56bf28db7c9add39a6f_JaffaCakes118.exe
Resource
win7-20240705-en
Malware Config
Extracted
pony
http://67.215.225.205:8080/forum/viewtopic.php
http://74.91.117.168/forum/viewtopic.php
-
payload_url
http://cpps.or.id/KwV8AXN.exe
http://citleg.org/UptP.exe
http://text-konverter.homepage.t-online.de/xr0C7eW.exe
Targets
-
-
Target
26eec7f89b98e56bf28db7c9add39a6f_JaffaCakes118
-
Size
129KB
-
MD5
26eec7f89b98e56bf28db7c9add39a6f
-
SHA1
45ee2b07145d2b714c48f6f5b966d16823dd4b35
-
SHA256
16ffd86b1b1ecad010a3aff298c9ce2cb6585318c6feecb9ce98de5886a07714
-
SHA512
15ac115691b9d91f85c9b30ed60487e13c16c0fea6c7dfb0c74fcc7f7ce94d41fceef7f598e452073bb67a50aa7637c3d35db9b2938ca46a678f27b055999caf
-
SSDEEP
1536:UUBiFqtXmPmgC9B2lciLKuIHe9J46geNIvB3Qo+OB6FLsjL7k3JhYxYYG0L1UldF:UOn16mg2olbvdY1ZvpQxOAJhcf0E
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-