General
Target: 286be0ed1f0366b39d003c5d69f0ae7c_JaffaCakes118
Size: 150KB
Sample: 240706-rd99hssdma
MD5: 286be0ed1f0366b39d003c5d69f0ae7c
SHA1: cddfcca6faaf2c0a745f17cb0a786fff7db1e9ca
SHA256: ca93ff7dd116be287354840f5549259cba2d1d77f7bbc9576c06dec5f5df2eef
SHA512: f5abb8686c05d71991758fe571b4178514e800fb93821b55a05112215b30e8c8d19115a8754cb0e2bd0062f6da8f6508b27c4e20e66c35dacdbc5cf49dddcf9f
SSDEEP: 3072:ncu6l6anf8XUONX7xWBhkajiI6YsS4F0/ObQ20qKrUiUS9Ao:VTcf6dWNf6Y14mOb8q8hmo

Static task: static1
Behavioral task: behavioral1
Sample: 286be0ed1f0366b39d003c5d69f0ae7c_JaffaCakes118.exe
Resource: win7-20240704-en

Malware Config
Extracted: pony
http://66.55.89.149:8080/forum/viewtopic.php
http://66.55.89.150:8080/forum/viewtopic.php
payload_url:
http://boletin.puntoimpresion.com/Qnrnh53B.exe
http://taznet.net/3Bs.exe
http://stellenboschheritage.co.za/6HefV0.exe
http://etradi.webgenshop.nl/xWP.exe

Targets
Target: 286be0ed1f0366b39d003c5d69f0ae7c_JaffaCakes118
Size: 150KB
MD5: 286be0ed1f0366b39d003c5d69f0ae7c
SHA1: cddfcca6faaf2c0a745f17cb0a786fff7db1e9ca
SHA256: ca93ff7dd116be287354840f5549259cba2d1d77f7bbc9576c06dec5f5df2eef
SHA512: f5abb8686c05d71991758fe571b4178514e800fb93821b55a05112215b30e8c8d19115a8754cb0e2bd0062f6da8f6508b27c4e20e66c35dacdbc5cf49dddcf9f
SSDEEP: 3072:ncu6l6anf8XUONX7xWBhkajiI6YsS4F0/ObQ20qKrUiUS9Ao:VTcf6dWNf6Y14mOb8q8hmo

Signatures
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext