Behavioral task
behavioral1
Sample
11fcfecc1591fa5f1e482433bbc3c11e_JaffaCakes118.exe
Resource
win7-20240221-en
General
-
Target
11fcfecc1591fa5f1e482433bbc3c11e_JaffaCakes118
-
Size
17.7MB
-
MD5
11fcfecc1591fa5f1e482433bbc3c11e
-
SHA1
e63df40df24d62979fab5d02475f8bcc785ab191
-
SHA256
408bfb3a5628f1d2c5560db3b5523b69a9d3f153aed5bb23502661c7e5062201
-
SHA512
c540c6b4a47560b9d5d0681ff45a48d765760284276ec941a59f42c6d7731721396fc85927ed18834a03d7a897c9bc2a2d03329116661e3d70c90ee71b3ff0e8
-
SSDEEP
196608:Ta9+6Y7SOEibgRPghN1qfkuQZGBfWlZPzmGP8wa9+6Y7SOEibgRPghN1qfkuQZGj:TFgRaNQfkuHWaG5FgRaNQfkuHWaGY
Malware Config
Signatures
-
Blackmoon family
-
Detect Blackmoon payload 1 IoCs
resource yara_rule sample family_blackmoon -
Privateloader family
-
XMRig Miner payload 1 IoCs
resource yara_rule sample xmrig -
Xmrig family
-
resource yara_rule sample upx -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 11fcfecc1591fa5f1e482433bbc3c11e_JaffaCakes118
Files
-
11fcfecc1591fa5f1e482433bbc3c11e_JaffaCakes118.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Sections
UPX0 Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.imports Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE