General
- Target: f7f3705b6d0aa7430ec75c8043a705ee_JaffaCakes118
- Size: 1.9MB
- Sample: 240418-n61zrscf77
- MD5: f7f3705b6d0aa7430ec75c8043a705ee
- SHA1: c5fd2bb7dd108b1ab9d8fc33878857b0aa6dd621
- SHA256: 8bdcd836564bd07411aadf5d34cb7222a11c92b01302a0b2e18b321c32c6883e
- SHA512: 397e6662e15134aef087b5d2422163854c862300afffd6ad0cc316c4f86ff7c95cda75a0373dff5c92556a9b9b40655d65cd57b2e1cf3fbfff8f7e1aa859bf8b
- SSDEEP: 49152:o7ZrllOhNyYawg0W4mQjTwqlC7P8+7NLaQ5R7WpY7I:o7Z5lAyYawlwqlwLL
Static task
- static1

Behavioral task
- behavioral1
- Sample: f7f3705b6d0aa7430ec75c8043a705ee_JaffaCakes118.exe
- Resource: win7-20240221-en

Behavioral task
- behavioral2
- Sample: f7f3705b6d0aa7430ec75c8043a705ee_JaffaCakes118.exe
- Resource: win10v2004-20240412-en
Malware Config
- Extracted: metasploit
- Payload: windows/download_exec
- URL: http://120.26.87.95:9999/jquery-3.3.1.slim.min.js
Targets
Score: 10/10

- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.