General
-
Target
2a87e0c85f8f44938bad571c66d6cc19_JaffaCakes118
-
Size
145KB
-
Sample
240708-b1tbhsydlg
-
MD5
2a87e0c85f8f44938bad571c66d6cc19
-
SHA1
c67a5a3c6a58af29f545ae288e77d7821a359b10
-
SHA256
a97fc356656893b3a2c7177b0447010ceaa87f500b29dc7528db7f32e0e4168c
-
SHA512
048ecef2a581b3676f070fcdbebb78d9fc9b3a2d30fd7ef0809fe8527a26ef93c92cc4f98cce1e3607e07f14615d3625c0a633b0a1b0eae1dbbad838d998bdb4
-
SSDEEP
3072:J9PkkIuM22lii4TRr9D94z78dZwCYNoPzkzR36kzagfovR9:HXYlu9D90CpPQ3ffovR
Static task
static1
Behavioral task
behavioral1
Sample
2a87e0c85f8f44938bad571c66d6cc19_JaffaCakes118.exe
Resource
win7-20240704-en
Malware Config
Extracted
pony
http://209.59.219.1/forum/viewtopic.php
http://212.58.20.11/forum/viewtopic.php
-
payload_url
http://www.ngcrc.net/Ksh96ft.exe
http://greencastle.it/2xb.exe
http://www.casa-colonial.com.ar/cK66AG.exe
Targets
-
-
Target
2a87e0c85f8f44938bad571c66d6cc19_JaffaCakes118
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-