Behavioral task
behavioral1
Sample
c0ee86411ed656c33502ef2bdd720dc3_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
c0ee86411ed656c33502ef2bdd720dc3_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
c0ee86411ed656c33502ef2bdd720dc3_JaffaCakes118
-
Size
52KB
-
MD5
c0ee86411ed656c33502ef2bdd720dc3
-
SHA1
f2551d7f74cf94ed1b5c20b6b80aa67fc8ad2f1d
-
SHA256
43a57b8822c9cd2f1acacfd8690b18944c161d588ed4c10dfd6336877f33de9b
-
SHA512
c5a37a76cba9e6a93f48ef14dabbc4bbf4dc5ff75f13d32ab0c967c4df66c7361e7f9b05eb02b8477ad0879977f3cce865d05a56e2ae5500e89e4f98a6d70228
-
SSDEEP
1536:wRXEKa3dAjTbE5rA5cmDPxGjS6cqTacjeeIb+T:LjG3b2AXPxGe6yeIKT
Malware Config
Signatures
-
ISR Stealer payload 1 IoCs
Processes:
resource yara_rule sample family_isrstealer -
Isrstealer family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource c0ee86411ed656c33502ef2bdd720dc3_JaffaCakes118
Files
-
c0ee86411ed656c33502ef2bdd720dc3_JaffaCakes118.exe windows:4 windows x86 arch:x86
7342988ab055a1f3362c0bb541456d42
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvbvm60
MethCallEngine
ord516
ord660
ord666
ord667
ord593
ord594
ord520
ord631
ord525
ord632
ord526
EVENT_SINK_AddRef
ord529
dllFunctionCall
EVENT_SINK_Release
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord606
ord607
ord608
ord717
ProcCallEngine
ord644
ord537
ord645
ord648
ord570
ord571
ord100
ord616
ord617
ord619
ord581
Sections
.text Size: 28KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 176KB - Virtual size: 173KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ