General
Target: 286b49270364a6a8d80accf993029c14_JaffaCakes118
Size: 114KB
Sample: 240706-rdq6mszcnp
MD5: 286b49270364a6a8d80accf993029c14
SHA1: cfacd84ca421a208f51fa9ea033f52d999e499c4
SHA256: 6f0ee3ea2e0e103a1b7d96ffbe051cbb5a5b164b7539d5f23d2a398b11f38bfd
SHA512: 0c95526242d3963c5f6ee4e02c403420f61b710bdc1ab6c9f61ed75454726e2559dcc054ad735617ed6011b4377db16e595f68ceb5b6277c296fc757526919a9
SSDEEP: 3072:/XAtWYKBlV6EsGMBwJl7VMFmEn6mot6NxsyUH9:fAoYKXV63Byl7Jie
Static task: static1
Behavioral task: behavioral1
Sample: 286b49270364a6a8d80accf993029c14_JaffaCakes118.exe
Resource: win7-20240704-en
Malware Config
Extracted: pony
http://etsiunjour.fr:81/pony/gate.php
payload_url:
- http://alcaponecigarillos.com/RdKtpaU.exe
- http://artseo.abetka.kiev.ua/urS1R.exe
- http://hunterland.com.ua/MTgQrd.exe
Targets
Target: 286b49270364a6a8d80accf993029c14_JaffaCakes118 (114KB)
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext