Behavioral task
behavioral1
Sample
2c701b9904603479c8e01a692383e396_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
2c701b9904603479c8e01a692383e396_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
2c701b9904603479c8e01a692383e396_JaffaCakes118
-
Size
7.0MB
-
MD5
2c701b9904603479c8e01a692383e396
-
SHA1
c9662c1ee3ed00ea0f70d12a6e5ecfa50d1d9c77
-
SHA256
0a05f8788ca28d5f4e2ad838a36f83107326d3021fc5bc9824fe2c47dfd07712
-
SHA512
60e2e350e44c5676f283842d2af354b55b559c46eb3e1c8236c2abf87654845f7a6727da1aea824395b0d102a643790fb9eed55f729085dfee595aab259cf650
-
SSDEEP
196608:WHPdZwCsXDjDyf4L2WliXYrHW1LzbpbWg:eP4CEDHL2ciIrHWRzbB
Malware Config
Signatures
-
Asyncrat family
-
Njrat family
-
Detects Pyinstaller 1 IoCs
resource yara_rule sample pyinstaller -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2c701b9904603479c8e01a692383e396_JaffaCakes118
Files
-
2c701b9904603479c8e01a692383e396_JaffaCakes118.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 7.0MB - Virtual size: 7.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
pep.pyc