Behavioral task
behavioral1
Sample
8c9b313b351c8dba2b78ac4d54317edd_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
8c9b313b351c8dba2b78ac4d54317edd_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
8c9b313b351c8dba2b78ac4d54317edd_JaffaCakes118
-
Size
44KB
-
MD5
8c9b313b351c8dba2b78ac4d54317edd
-
SHA1
491623a6f0c2dbe04178060566aa1e2c66083e48
-
SHA256
e7580b95c9337e1ee29525ca13c986dd237c9529536cc5cbc7f88ac9697604d2
-
SHA512
177168f8a9c69361381bd589afbe6609481a9ca78ddff269c54ce92545d82f29a0023f1d9a58e807ae93500d12f5c8afd259bfeef23cb4f4a34b793f14bc1cc1
-
SSDEEP
768:tBr+tjFDTPkAl4ztB1lr6an32mTg8uvm2yfOTwYPIbzoJ1L:TyR9Hl6L1lr6anBTruvm2EuQ/ozL
Malware Config
Signatures
-
Detect XtremeRAT payload 1 IoCs
resource yara_rule sample family_xtremerat -
Xtremerat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 8c9b313b351c8dba2b78ac4d54317edd_JaffaCakes118
Files
-
8c9b313b351c8dba2b78ac4d54317edd_JaffaCakes118.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
Code Size: 33KB - Virtual size: 33KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Data Size: 512B - Virtual size: 268B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Bss Size: - Virtual size: 11KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.Idata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: - Virtual size: 8B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.Rdata Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.Reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.Rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ