Behavioral task
behavioral1
Sample
a90ed664d77a614c83fc9f678b788faa_JaffaCakes118.exe
Resource
win7-20240705-en
General
-
Target
a90ed664d77a614c83fc9f678b788faa_JaffaCakes118
-
Size
75KB
-
MD5
a90ed664d77a614c83fc9f678b788faa
-
SHA1
a99e8ee571af82aeadd6e33201b35de83c0c1f1f
-
SHA256
12cd55fd9b4424222fd54486f3340413f8fa821526d1caae60fb6979e575f820
-
SHA512
23ad85d8a1f861c7f66f9ce84027502ba201680f358fc0a6bb2fd164f5f6874ae4b7431b0fb67a2481c2230ab7f1d6491304c1cf037a225e54d9959e0a120036
-
SSDEEP
768:bE9hghdN12Ozhiow2Gkm6+c3/6pzohZOp69bV2wP:bu+zMOlw2GkmS3yhos+Z2w
Malware Config
Signatures
-
Detect XtremeRAT payload 1 IoCs
resource yara_rule sample family_xtremerat -
Xtremerat family
-
resource yara_rule sample upx -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a90ed664d77a614c83fc9f678b788faa_JaffaCakes118
Files
-
a90ed664d77a614c83fc9f678b788faa_JaffaCakes118.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
UPX0 Size: 56KB - Virtual size: 56KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 17KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE