General
Target: f57ef56616de54fc88e803abf57cdab4_JaffaCakes118
Size: 177KB
Sample: 240417-lsjgfsbc87
MD5: f57ef56616de54fc88e803abf57cdab4
SHA1: e5938463fd7895cc07a0a38cfd401660dcc333a8
SHA256: 13ac9d5ce9f34c40884f67e0767d87d8fc5a705fe8d4ebaa1773ea8626a2e468
SHA512: 5ab487aee65f7527e4861f1626e900bbe749a04279556b99d8da53aff3e88ccbe4f100fe43c9adb504305ecdae4ea2699ad22fd8eea7dbff4cf4cee1a08bf502
SSDEEP: 3072:bnrRqBYMmJGOyXmRWyE+4NQNIDYw2az/aLOGBiVqzJqvvr9y2/DhmOCQZF5G7cxh:bSDBO5Vn4YwN2fYqNqvT9JbIMF8gN/
Static task: static1
Behavioral task: behavioral1
  Sample: f57ef56616de54fc88e803abf57cdab4_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: f57ef56616de54fc88e803abf57cdab4_JaffaCakes118.exe
  Resource: win10v2004-20240412-en
Malware Config
Extracted: metasploit
  encoder/shikata_ga_nai
Extracted: metasploit
  windows/shell_reverse_tcp
  192.168.1.21:4444
Targets
Target: f57ef56616de54fc88e803abf57cdab4_JaffaCakes118
Size: 177KB
MD5: f57ef56616de54fc88e803abf57cdab4
SHA1: e5938463fd7895cc07a0a38cfd401660dcc333a8
SHA256: 13ac9d5ce9f34c40884f67e0767d87d8fc5a705fe8d4ebaa1773ea8626a2e468
SHA512: 5ab487aee65f7527e4861f1626e900bbe749a04279556b99d8da53aff3e88ccbe4f100fe43c9adb504305ecdae4ea2699ad22fd8eea7dbff4cf4cee1a08bf502
SSDEEP: 3072:bnrRqBYMmJGOyXmRWyE+4NQNIDYw2az/aLOGBiVqzJqvvr9y2/DhmOCQZF5G7cxh:bSDBO5Vn4YwN2fYqNqvT9JbIMF8gN/
Score: 10/10
MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext