Behavioral task
behavioral1
Sample
d0047fc7464269bd3c869cf8f46ddb62_JaffaCakes118.exe
Resource
win7-20240903-en
General
-
Target
d0047fc7464269bd3c869cf8f46ddb62_JaffaCakes118
-
Size
2.6MB
-
MD5
d0047fc7464269bd3c869cf8f46ddb62
-
SHA1
8586e6d41183a912ee77ad0d2e7268dbf4f93126
-
SHA256
249eedbf85e023cc00d9b9221af0cf0fb0d405f8b4dffffb802789e37326998e
-
SHA512
b5839fa3cd91119abe20d61d2df16f1c95f81483779bc083df319f1a2912b9a1b6a7e56306aa3e316cd88876bdc1e3c63c22e075fd9afa4725e45946f6fac3fa
-
SSDEEP
49152:8coQxSBeKeiOSiFmoJggggLo40KDi3gp0XhCjyrlI:86SIROiFJiwp0xlrlI
Malware Config
Extracted
pony
http://don.service-master.eu/gate.php
-
payload_url
http://don.service-master.eu/shit.exe
Signatures
-
Pony family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource d0047fc7464269bd3c869cf8f46ddb62_JaffaCakes118
Files
-
d0047fc7464269bd3c869cf8f46ddb62_JaffaCakes118.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ