Behavioral task
behavioral1
Sample
66c784ff607d14c995c31f82825d82fe_JaffaCakes118.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
66c784ff607d14c995c31f82825d82fe_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
-
Target
66c784ff607d14c995c31f82825d82fe_JaffaCakes118
-
Size
89KB
-
MD5
66c784ff607d14c995c31f82825d82fe
-
SHA1
e1b557bc20e761a3c2de67988496fd9fcc843757
-
SHA256
7a1822d0ea92d805caabde3b011c0c135d95cef1fe1d234cba88c8d291549682
-
SHA512
805038e122ade08fdbc6c14c9c1a8fff28b11635275bc4fc81e9115751e23bd834c8c1d59a3c03b3781e2bc96d43495b41343c2eb20a14087d835b75e3bce89d
-
SSDEEP
1536:uqT83/jqTj8OY16q7v+W2NolXekecuoOhDStMTvHEK3kzmE:lTAH6wJ2CrOkQEKnE
Malware Config
Extracted
pony
http://ahmed1337.in/phpgate/gate.php
Signatures
-
Pony family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 66c784ff607d14c995c31f82825d82fe_JaffaCakes118
Files
-
66c784ff607d14c995c31f82825d82fe_JaffaCakes118.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 70KB - Virtual size: 69KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 256B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 18KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE