Behavioral task
behavioral1
Sample
bfe1e9389f01e7f6bb5d50d65c71dd95_JaffaCakes118.exe
Resource
win7-20240221-en
General
-
Target
bfe1e9389f01e7f6bb5d50d65c71dd95_JaffaCakes118
-
Size
340KB
-
MD5
bfe1e9389f01e7f6bb5d50d65c71dd95
-
SHA1
fd0b83490e4afa15aafcb43d636bfd12188f7e4c
-
SHA256
1438104b9090e6cbbf83f3afa232d4a05a7ad1a9be7812f919380b51b993c94c
-
SHA512
4ffca6fd30c215216b5adc6da97d000af6f16e165bf3564ef28d2f28670cfc1ef3e23375446aba4988e681ce849cf68da5b717e8943e7e76ea91a34183102b4a
-
SSDEEP
6144:ExvZdXMV2vr0Mwl72tuueH5ZXfr738DtqOm0eeuT5:WMVwe72tun3zb8DBxeeg
Malware Config
Signatures
-
Detect ZGRat V1 1 IoCs
resource yara_rule sample family_zgrat_v1 -
Zgrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource bfe1e9389f01e7f6bb5d50d65c71dd95_JaffaCakes118
Files
-
bfe1e9389f01e7f6bb5d50d65c71dd95_JaffaCakes118.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 135KB - Virtual size: 135KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.sdata Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ