Behavioral task
behavioral1
Sample
24872be3196481673bed01b7191a8ce6_JaffaCakes118.exe
Resource
win7-20240221-en
General
-
Target
24872be3196481673bed01b7191a8ce6_JaffaCakes118
-
Size
14.8MB
-
MD5
24872be3196481673bed01b7191a8ce6
-
SHA1
ce1217f094c70f048c7dc8d517f719b6d80e95b4
-
SHA256
72aa7ab889fbaee202b3b22566f2769d5d0dcec1a1d8f29968140d6e132002db
-
SHA512
0532fc69725831dc27001274890a7e619b1c9b82ba4b7d719b10be55797ce0b2cd2bef20d33ecab9cc37d466e71e4b4d1a19898511a3de30c2817ad6463feede
-
SSDEEP
196608:da9+6Y7SOEibgRWGBfW+8GBfWIuhea9+6Y7SOEibgRWGBfW+8GBfWIuhF:dFgRfW+NWIuheFgRfW+NWIuhF
Malware Config
Signatures
-
Blackmoon family
-
Detect Blackmoon payload 1 IoCs
resource yara_rule sample family_blackmoon -
Privateloader family
-
XMRig Miner payload 1 IoCs
resource yara_rule sample xmrig -
Xmrig family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 24872be3196481673bed01b7191a8ce6_JaffaCakes118
Files
-
24872be3196481673bed01b7191a8ce6_JaffaCakes118.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 108KB - Virtual size: 105KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1.8MB - Virtual size: 1.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 800B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE