Behavioral task
behavioral1
Sample
84a2ff961acfeb0d4ef598243c3c4616_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
84a2ff961acfeb0d4ef598243c3c4616_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
84a2ff961acfeb0d4ef598243c3c4616_JaffaCakes118
Size
118KB
MD5
84a2ff961acfeb0d4ef598243c3c4616
SHA1
afdc3903b4d55a7a22659073e6252df390ddbf64
SHA256
fadf22ab8a361e7e1cee577c6cbf3a36f6e613f858946774af02ea9ffac896f4
SHA512
f619b13b46f48fc8f1b567c867e01a2b162c6120d85672494e76fd83a003bd04819e7445cff91551a81d75ca4894de33b6e2539781033587db858b44752f55c1
SSDEEP
1536:RuSOnbBjD3sqTEIZwDJ8214vP0EH0PBV2VmtZOLxpITvSc9JEQSkzm+D9UynUwvJ:4SO13xKW214vPo5bO9vcHEQK+DeyUwv
Malware Config
Extracted
pony
http://web-plasa.com/2/3/xxx/gate.php
payload_url
http://176.74.218.47/winAPI.exe
Signatures
Pony family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 84a2ff961acfeb0d4ef598243c3c4616_JaffaCakes118
Files
84a2ff961acfeb0d4ef598243c3c4616_JaffaCakes118.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 71KB - Virtual size: 70KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 256B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 18KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 27KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE