Behavioral task
behavioral1
Sample
eb8bf9de8ed605a79f3b4834ee654fda_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
eb8bf9de8ed605a79f3b4834ee654fda_JaffaCakes118.exe
Resource
win10v2004-20240226-en
General
-
Target
eb8bf9de8ed605a79f3b4834ee654fda_JaffaCakes118
-
Size
158KB
-
MD5
eb8bf9de8ed605a79f3b4834ee654fda
-
SHA1
2952322495eb41003dc8b97859d5a97bdde9251d
-
SHA256
0521bb85472869598d9aa822b11edc04044dbe876dbf9900565bfdc8e02c2b21
-
SHA512
d2d6f590c391ecfe9ad1a08023c06cce661836216d116695adeb6df660377eb87026af6302b28fffad417faea39282c46a19c45fa0ad2790486448d6968cb307
-
SSDEEP
1536:wcKfnSXceuWT7xF7E7eQ43LbNMkjMQynuQRwPV:18SXce7TlF7Ei/3VVGC
Malware Config
Extracted
mercurialgrabber
https://discord.com/api/webhooks/877157186038538242/Jfn5YJR9dTyjNeBSpcWKRLNBhoSeee29t9iufwyScwEjBuFZfgYTH8chtFnrCnenyW_3
Signatures
-
Mercurialgrabber family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource eb8bf9de8ed605a79f3b4834ee654fda_JaffaCakes118
Files
-
eb8bf9de8ed605a79f3b4834ee654fda_JaffaCakes118.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 118KB - Virtual size: 118KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ