General
Target: f7c288227694f2c5b88d411c576b5213_JaffaCakes118
Size: 102KB
Sample: 240418-l1w3hshg78
MD5: f7c288227694f2c5b88d411c576b5213
SHA1: 08541911d55f1bd8e3981f21fde0378d7c553f51
SHA256: 8b2e5890687ce54f8ed6b9aac54b0cab0b051c724961b0d3ab22d8b4ef8b7c40
SHA512: 62ee17a6d5e50d2c4649818c626fd3351c85ffc6f8514c8928ca711f8997aa8f0105d2f788f50f30f2db2adf886568d929f13d33f3ce86c014019fd749a4ade3
SSDEEP: 3072:LEvW22Z2DdSKp9mGelKwybYFJ8ldPihkGAmGnZE:L1kDdSG9xelZybYJQihkGr
Static task: static1
Behavioral task: behavioral1
Sample: f7c288227694f2c5b88d411c576b5213_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: f7c288227694f2c5b88d411c576b5213_JaffaCakes118.exe
Resource: win10v2004-20240412-en
Malware Config
Extracted
metasploit
windows/shell_reverse_tcp
127.0.0.1:4444
Targets
Target: f7c288227694f2c5b88d411c576b5213_JaffaCakes118
Score: 10/10
MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL