Behavioral task
behavioral1
Sample
dbb3fed1ddbe1dba7915ac77f70fb445_JaffaCakes118.exe
Resource
win7-20240708-en
General
-
Target
dbb3fed1ddbe1dba7915ac77f70fb445_JaffaCakes118
-
Size
2.6MB
-
MD5
dbb3fed1ddbe1dba7915ac77f70fb445
-
SHA1
1fa65a682d2ccf5c961b73f8bd8670a2169aefc1
-
SHA256
f44d696d38b639db5546aabe65b04cbc374cfe2f9d3480087c00e0afa42da137
-
SHA512
e58ab91c2677a3ba64ec4c697bbf9392fb66030dd5bf313697b6da844b9fe8c329fc6c1f88eee3f12a1badc8b3ee997eebd775733199defde5af52fb133f7351
-
SSDEEP
49152:8coQxSBeKeiOSiFmoJggggLo40KDi3gp0XhCjyrlj:86SIROiFJiwp0xlrlj
Malware Config
Extracted
pony
http://don.service-master.eu/gate.php
-
payload_url
http://don.service-master.eu/shit.exe
Signatures
-
Pony family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource dbb3fed1ddbe1dba7915ac77f70fb445_JaffaCakes118
Files
-
dbb3fed1ddbe1dba7915ac77f70fb445_JaffaCakes118.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ