Behavioral task
behavioral1
Sample
f811242287736b95bc2a2d5da50a4009_JaffaCakes118.exe
Resource
win7-20240221-en
General
-
Target
f811242287736b95bc2a2d5da50a4009_JaffaCakes118
-
Size
10.9MB
-
MD5
f811242287736b95bc2a2d5da50a4009
-
SHA1
fe7cf455dd03acd24bdefb7ddf495f0a4194e02d
-
SHA256
b00c0a64eccc3701e4d5e9114eb931e125f7407cf0f5f6cc18b32765b1c5ce52
-
SHA512
97981e9513de1ded5ea01dc121ad852204619555f9f200916a9f23c851ead07aa00fdee6ad9ca47d7779f536ddb483c82e3e731983d6b188752942cac38adcf7
-
SSDEEP
196608:YWMWPCzNA7rlvRz1rrFBV6tpjuj6gYPKHCKsg:YjujUtYj6gYPYp
Malware Config
Signatures
-
Blackmoon family
-
Detect Blackmoon payload 1 IoCs
Processes:
resource yara_rule sample family_blackmoon -
Processes:
resource yara_rule sample upx -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource f811242287736b95bc2a2d5da50a4009_JaffaCakes118
Files
-
f811242287736b95bc2a2d5da50a4009_JaffaCakes118.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Sections
UPX0 Size: 147KB - Virtual size: 236KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 80KB - Virtual size: 80KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 19KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.imports Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE