General
Target: 27c11826a3dd62c530e4edfbf7fcc05e_JaffaCakes118
Size: 151KB
Sample: 240706-jf78ya1brj
MD5: 27c11826a3dd62c530e4edfbf7fcc05e
SHA1: c20f738102c378851639a916e9963f3b906f882a
SHA256: 7c0e15622e7ae3a2367574e69a21d6cf3859e9d40fed1e5d9798abf49be0e64c
SHA512: 54e5e6333447afe717ac048eb5204b044cb848d12d2d590aa075af053000f9194d4fc4ac29dc1589811c5f4bdcf33a8d78a0ce3051ad4b14eaa0a0814c22c3f3
SSDEEP: 3072:pK7pS4GXhfwuq9O8y+FG53ZDw+EGzDS/1GTaDZT8WWxDgc2UVbAnA9LcanJL0G6J:EQgjwCYsLKjnbQuwj
Static task: static1
Behavioral task: behavioral1
Sample: 27c11826a3dd62c530e4edfbf7fcc05e_JaffaCakes118.exe
Resource: win7-20240704-en
Malware Config
Extracted
pony
http://67.215.225.205:8080/forum/viewtopic.php
http://216.231.139.111/forum/viewtopic.php
payload_url:
http://realitycoaching.es/23sf.exe
http://kms-anwaelte.de/mvCo.exe
http://sikimed.de/DiGyi.exe
Targets
Accesses Microsoft Outlook accounts
Accesses Microsoft Outlook profiles
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext