General
-
Target
294037b8a1d0c282158fc1e1210b2e1e_JaffaCakes118
-
Size
127KB
-
Sample
240706-xh46yszfkm
-
MD5
294037b8a1d0c282158fc1e1210b2e1e
-
SHA1
a87416de27f2fb6ea4385bb61f57f6a8289b75c0
-
SHA256
c7024954d992190e3487e86d153b185dee969eafb551a1209405cfd231f22feb
-
SHA512
0b610bd81b943a0e5eaea9901b333c9cb0b7d75254b9f178d1a30d18ebbeba02eba72c1ed63920fb3606eb4a2938a3aa0829ef78e083e4ec705dbb5aeefa995f
-
SSDEEP
1536:5+hMLcaZYuh+l6QvHWnb3n6c3Qi4OFyG2D5SIo4lysxPgZ1FaHthHU83fUvCM0kj:5cYd9MHWb363OFkDjduK0g8D0kj
Static task
static1
Behavioral task
behavioral1
Sample
294037b8a1d0c282158fc1e1210b2e1e_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
294037b8a1d0c282158fc1e1210b2e1e_JaffaCakes118.exe
Resource
win10v2004-20240704-en
Malware Config
Extracted
pony
http://aloucakbileti.com:8080/pony/gate.php
http://109.123.109.150:8080/pony/gate.php
-
payload_url
http://identis.ro/cvWP.exe
http://chmsolutions.co.za/Pz7u9UjZ.exe
http://nailsupply.sakura.ne.jp/ddJud.exe
Targets
-
-
Target
294037b8a1d0c282158fc1e1210b2e1e_JaffaCakes118
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-