Behavioral task
behavioral1
Sample
a64e7e662cc4ba68971e60829d27f0d8_JaffaCakes118.exe
Resource
win7-20240508-en
General
-
Target
a64e7e662cc4ba68971e60829d27f0d8_JaffaCakes118
-
Size
94KB
-
MD5
a64e7e662cc4ba68971e60829d27f0d8
-
SHA1
85004c77f6f931ab2a10b0ac8b0a55654ae6e227
-
SHA256
fca6a8b8610af4ee0b323960e0f9eee05cc65f58c1a84e3f8ec3c007b811fa4f
-
SHA512
1faa78b29679526e0d71549c9cd4f812c018e4f4ee3318bc9d920c619a80e86ed0813e80a41d907ac003c8fcf67b3bc132b946d2f59d1d043a82d9659ba5cec8
-
SSDEEP
1536:7MZaVpSrKqTizpjDeOIx/OH5O1HDw+3V1Fffl9Oo0YW+lLqQXS1TvZAEM80U/etZ:QA3S2AO2mHNi9OjYW8qm2A/tU/eX
Malware Config
Extracted
pony
http://whizzpackage.com/dp/adm/adm1/gate.php
-
payload_url
http://whizzpackage.com/dp/adm/adm1/wotbrut.exe
Signatures
-
Pony family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a64e7e662cc4ba68971e60829d27f0d8_JaffaCakes118
Files
-
a64e7e662cc4ba68971e60829d27f0d8_JaffaCakes118.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 74KB - Virtual size: 74KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 256B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE