C:\Documents and Settings\Administrateur\Mes documents\Visual Studio 2008\Projects\HadèsKey - Decrypteur de Logs\HadèsKey - Decrypteur de Logs\obj\Release\HadèsKey - Logs Decrypt.pdb
Behavioral task
behavioral1
Sample
HadesKey SE.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
HadesKey SE.exe
Resource
win10v2004-20240730-en
Behavioral task
behavioral3
Sample
HadèsKey - Logs Decrypt.exe
Resource
win7-20240704-en
Behavioral task
behavioral4
Sample
HadèsKey - Logs Decrypt.exe
Resource
win10v2004-20240730-en
Behavioral task
behavioral5
Sample
ReActiveMe.exe
Resource
win7-20240704-en
Behavioral task
behavioral6
Sample
ReActiveMe.exe
Resource
win10v2004-20240730-en
Behavioral task
behavioral7
Sample
Stub.exe
Resource
win7-20240708-en
Behavioral task
behavioral8
Sample
Stub.exe
Resource
win10v2004-20240730-en
General
-
Target
8210a43afc450e18a80d697a6f923c8c_JaffaCakes118
-
Size
1.1MB
-
MD5
8210a43afc450e18a80d697a6f923c8c
-
SHA1
fe7e43c3a1ae644735d46c11abcd05c397eb0a17
-
SHA256
69d054d2fa8f5fcb108ac76205d2f8361ddea1632069cfceba899daa3244d795
-
SHA512
51fa173c4a42a35a3c9415fa9f203d5ce263b8de735837661378edc8a517532cd496c02b5a73c92c8e795c6b57e90e874cd01c2a3f46dd7b2453448c6147c748
-
SSDEEP
24576:TWpr3saN7P7WB1izxQ3RmRsDzcv4Y0SYW92jC79I+93wdYFE:+J7K1UaTzQ0HjmKdp
Malware Config
Signatures
-
RevengeRat Executable 1 IoCs
Processes:
resource yara_rule static1/unpack001/Stub.exe revengerat -
Revengerat family
-
Unsigned PE 4 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/HadesKey SE.exe unpack001/HadèsKey - Logs Decrypt.exe unpack001/ReActiveMe.exe unpack001/Stub.exe
Files
-
8210a43afc450e18a80d697a6f923c8c_JaffaCakes118.rar
-
HadesKey SE.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.rsrc Size: 135KB - Virtual size: 135KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.text Size: 633KB - Virtual size: 632KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
HadèsKey - Logs Decrypt.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mscoree
_CorExeMain
Sections
.text Size: 157KB - Virtual size: 156KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.sdata Size: 512B - Virtual size: 238B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 135KB - Virtual size: 135KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ReActiveMe.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\Documents and Settings\Administrateur\Mes documents\Visual Studio 2008\Projects\ReActiveMe\ReActiveMe\obj\Release\ReActiveMe.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.sdata Size: 512B - Virtual size: 184B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 135KB - Virtual size: 135KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Stub.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.rsrc Size: 57KB - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.text Size: 428KB - Virtual size: 427KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
news.txt