Behavioral task: behavioral1
Sample: 0458b8e5d1cde56d5920c8db855f6534_JaffaCakes118.exe
Resource: win7-20240215-en
General
Target: 0458b8e5d1cde56d5920c8db855f6534_JaffaCakes118
Size: 19.8MB
MD5: 0458b8e5d1cde56d5920c8db855f6534
SHA1: 19040be4f7d1bed1b19b2e8b3d8756caec2a1db3
SHA256: d2556e86c6a81adb27f6ddd42c5d0d0ed1f9b3e492fd5dae44e571adba3c04b7
SHA512: 91f5d4c684e6848ca5da1024d3e6675f6a066725e045cb10876fb631e1194e6e31e7c1f5988bea5637e7526b913266bba12d7629c36aa0020504af11e8c41f20
SSDEEP: 393216:dFgRavDllzWEyzPpe4hsFgRavDllzWEyzPpe4h:zvDllLyTlhYvDllLyTlh
Malware Config
Signatures
Blackmoon family
Detect Blackmoon payload (1 IoCs)
Processes:
resource: sample; yara_rule: family_blackmoon
XMRig Miner payload (1 IoCs)
Processes:
resource: sample; yara_rule: xmrig
Xmrig family
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
Processes:
resource: 0458b8e5d1cde56d5920c8db855f6534_JaffaCakes118
Files
0458b8e5d1cde56d5920c8db855f6534_JaffaCakes118.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 108KB - Virtual size: 105KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1.8MB - Virtual size: 1.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 800B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE