General

Target: b0d596308422acbaba1e293de5fffa0b_JaffaCakes118
Size: 1.1MB
Sample: 240404-f22rhafg5y
MD5: b0d596308422acbaba1e293de5fffa0b
SHA1: 1c64d6d09793014922debb14e90df35dac398427
SHA256: 64a30c1f547cfa1f38efe2a5080378cf00068aba6ae5dc0e76989a665357104e
SHA512: 66ef06c44b86b22b9c28275142d371bb926e508cfdc369960bdc9c5955b80f4795cec6ee7b23b835a380695102fc36f0034db84c936815c8281e46ecb8c52c30
SSDEEP: 24576:4eJZke+WFlpR/Gctc+rOD4GRNknjVWK3PfVfkEzhuVts2OwOD:4e7ke+4z9kFnknjV7CKuVw9
Static task: static1
Behavioral task: behavioral1 (sample b0d596308422acbaba1e293de5fffa0b_JaffaCakes118.exe, resource win7-20231129-en)
Behavioral task: behavioral2 (sample b0d596308422acbaba1e293de5fffa0b_JaffaCakes118.exe, resource win10v2004-20240226-en)
Malware Config

Extracted
Family: metasploit
Payload: windows/shell_reverse_tcp
C2 (reverse-shell handler, LHOST:LPORT): 73.61.110.191:4444
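How a handler address like the one above can be recovered from a Metasploit reverse_tcp payload, as an added example that is not part of this report and not the sandbox's own extractor: Metasploit's x86 block_reverse_tcp (used by both the staged reverse_tcp stager and the single windows/shell_reverse_tcp payload) builds a sockaddr_in on the stack with two `push imm32` instructions, `push <LHOST in network byte order>` followed by `push 0x0002 | htons(LPORT) << 16`, then `mov esi, esp`. The extractor below scans a buffer for that byte shape and decodes host and port. The function names, the `SAMPLE` buffer and the `build_sockaddr_stub` helper are this example's own constructions, and the sample bytes are synthetic, not taken from the analysed file.

```python
"""Added example: recover LHOST:LPORT from the sockaddr_in that Metasploit's
x86 reverse_tcp code pushes on the stack.

Assumed byte shape (Metasploit block_reverse_tcp, x86):
    push <LHOST, 4 bytes network order>        ; 68 ip ip ip ip
    push 0x0002 | (htons(LPORT) << 16)         ; 68 02 00 pp pp  (AF_INET, port big-endian)
    mov  esi, esp                              ; 89 e6
"""
import ipaddress
import re
import struct

# Two consecutive `push imm32` forming sockaddr_in{AF_INET, htons(port), ip}.
# The trailing `mov esi, esp` is optional in the match but recorded as a
# confidence signal, since the stock stager always emits it right after.
_SOCKADDR_PUSH = re.compile(
    rb"\x68(?P<ip>.{4})\x68\x02\x00(?P<port>.{2})(?P<mov>\x89\xe6)?",
    re.DOTALL,
)


def extract_reverse_tcp(blob: bytes) -> list[dict]:
    """Return every plausible reverse_tcp handler address found in `blob`."""
    hits = []
    for m in _SOCKADDR_PUSH.finditer(blob):
        ip = ipaddress.IPv4Address(m.group("ip"))       # packed, network byte order
        port = struct.unpack(">H", m.group("port"))[0]  # htons() means big-endian
        if port == 0 or ip.is_unspecified:
            # AF_INET with port 0 or 0.0.0.0 cannot be a live handler; most
            # likely an unrelated pair of pushes.
            continue
        hits.append({
            "offset": m.start(),
            "host": str(ip),
            "port": port,
            "stager_shape": m.group("mov") is not None,
        })
    return hits


def build_sockaddr_stub(host: str, port: int, with_mov: bool = True) -> bytes:
    """Constructed stand-in for the stager's sockaddr setup (example data only)."""
    stub = (b"\x68" + ipaddress.IPv4Address(host).packed
            + b"\x68\x02\x00" + struct.pack(">H", port))
    return stub + (b"\x89\xe6" if with_mov else b"")


# Constructed sample: filler bytes around a stub for the handler this report lists.
SAMPLE = b"MZ" + b"\x90" * 16 + build_sockaddr_stub("73.61.110.191", 4444) + b"\xcc" * 8


if __name__ == "__main__":
    for hit in extract_reverse_tcp(SAMPLE):
        print(f"offset {hit['offset']:#x}: {hit['host']}:{hit['port']} "
              f"(stager-shaped: {hit['stager_shape']})")
```

Run it against a raw dump of the process memory or the unpacked payload rather than the 1.1MB on-disk file if the stager is encoded or packed; the pushes only appear in the clear once the real payload bytes are in memory. Treat matches without the `mov esi, esp` tail as candidates to confirm by hand.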
Targets

Target: b0d596308422acbaba1e293de5fffa0b_JaffaCakes118
Size and hashes (MD5, SHA1, SHA256, SHA512, SSDEEP) as listed under General.
Score: 10/10
Signatures

MetaSploit
Detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or similar.

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software installed on the system.

Drops file in System32 directory