Behavioral task
behavioral1
Sample
f0f18bc9fde3a2850814c5aa8720a60a_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f0f18bc9fde3a2850814c5aa8720a60a_JaffaCakes118.exe
Resource
win10v2004-20240412-en
General
-
Target
f0f18bc9fde3a2850814c5aa8720a60a_JaffaCakes118
-
Size
251KB
-
MD5
f0f18bc9fde3a2850814c5aa8720a60a
-
SHA1
6b4d7b0a834acac19d3e000baef33c189d6de6e2
-
SHA256
cd054380dd8340a48b80bb707a53a526e74080ed7013731d2a695ae3216c654b
-
SHA512
30ba79ffaa6d274689b4583bf32e12f9b171f7e2089b8c0003719ae8528c82e0b4f70df6f4de279fb7104188db22acde247cdbd38b703b9b296742e7b9123d5a
-
SSDEEP
6144:NkrjBJ7NevL4zZDIKGV8z3kuVFML/c6P:NkRVNuktDRTI
Malware Config
Extracted
mercurialgrabber
https://discord.com/api/webhooks/875481193993371748/t7IHV3pQMZ09Rf609CpkWo0Ily_70_5E-TqS9u3xSZQQIZ2gTRfd-tqcEG22P7BA_kbI
Signatures
-
Mercurialgrabber family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource f0f18bc9fde3a2850814c5aa8720a60a_JaffaCakes118
Files
-
f0f18bc9fde3a2850814c5aa8720a60a_JaffaCakes118.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 36KB - Virtual size: 36KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 213KB - Virtual size: 213KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ