General
-
Target
fa18603301954d03d73c69efb76b59fd_JaffaCakes118
-
Size
52KB
-
Sample
240419-melkbsgg4t
-
MD5
fa18603301954d03d73c69efb76b59fd
-
SHA1
5850b0506e9446e7ef8ed32015d25e7540eddb58
-
SHA256
4c655f9708839ca495b6fd86c06bb2d6cb76349deb2fc007d495066695481513
-
SHA512
5b9f12afe9ef0a174e8113ac4294cb253619c416df7cfb9b2b8aa8ff1ae6d49cc41722963c8c775b1b53d2fa60095e0d9ff9a34cd2c4c1074452e2b24dceca5c
-
SSDEEP
768:3tELoAseEpiW6fv9C9gk/XUZ/PlvLD4fzlUS2POd6DjyWzLojoIBvfbUs:3819yiWsv49Nu/Pteld2PWajXgcKos
Static task
static1
Behavioral task
behavioral1
Sample
fa18603301954d03d73c69efb76b59fd_JaffaCakes118.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
fa18603301954d03d73c69efb76b59fd_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
fa18603301954d03d73c69efb76b59fd_JaffaCakes118
-
Size
52KB
-
MD5
fa18603301954d03d73c69efb76b59fd
-
SHA1
5850b0506e9446e7ef8ed32015d25e7540eddb58
-
SHA256
4c655f9708839ca495b6fd86c06bb2d6cb76349deb2fc007d495066695481513
-
SHA512
5b9f12afe9ef0a174e8113ac4294cb253619c416df7cfb9b2b8aa8ff1ae6d49cc41722963c8c775b1b53d2fa60095e0d9ff9a34cd2c4c1074452e2b24dceca5c
-
SSDEEP
768:3tELoAseEpiW6fv9C9gk/XUZ/PlvLD4fzlUS2POd6DjyWzLojoIBvfbUs:3819yiWsv49Nu/Pteld2PWajXgcKos
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-