jupyter | JaffaCakes118_80e51f4bc1f0f754e3214204d93a2c6f3ac126e395102fd05550261741778a1f

General

Target

JaffaCakes118_80e51f4bc1f0f754e3214204d93a2c6f3ac126e395102fd05550261741778a1f
Size

16KB
MD5

abc4707f302ee4e705ab63d30d6e7593
SHA1

04f03b805b79d9652dde245f159ecd05fced9d19
SHA256

80e51f4bc1f0f754e3214204d93a2c6f3ac126e395102fd05550261741778a1f
SHA512

b2d9f853b56edc173ebb9d52026554d8b09b40bdc5c2a62da0321046b251f58b60e4294ca006a3c756afda6c7037afeaed1635fa8d61f94181165aaef2730455
SSDEEP

384:OyjV+ICOpZlhyj76antpjxaZGk+BR6vSkb8KMDCw4y5Tp0auHnK567g:OK+ClGdsqr4Q5Tp0Ra

Score

10^/10

jupyter

Family

jupyter

Version

AG-5

C2

http://167.88.15.115

Jupyter Backdoor/Client payload 1 IoCs

resource	yara_rule
static1/unpack001/exepayload.exe	family_jupyter

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/exepayload.exe

JaffaCakes118_80e51f4bc1f0f754e3214204d93a2c6f3ac126e395102fd05550261741778a1f
.zip

Password: infected
exepayload.exe
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ