General
-
Target
fa39f0ee34d558d972ab192901c9ca62_JaffaCakes118
-
Size
77KB
-
Sample
240419-nwrncabf4s
-
MD5
fa39f0ee34d558d972ab192901c9ca62
-
SHA1
6a742c21728ecad9781e465034f0653889a1e9ad
-
SHA256
bf89dae393e83aaa42efbbb88417bd9aaa7bbcfc47dd564e9367aa2db0822a03
-
SHA512
cbd89ff63756d3e46e8190968f0b2a5bbc25ae4d616857135b1e860c1c46fbdeec696257f6392fe95dedb3db468c5964b70d3d28e02d3bbf5eeffc744f1dd691
-
SSDEEP
1536:GCesb1DS6HUTn5Dof9VOQA1/TOfXRN6dZBbM+eqRPj57FulH:GkogW58f9V01qf/4deqR71FulH
Behavioral task
behavioral1
Sample
fa39f0ee34d558d972ab192901c9ca62_JaffaCakes118.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
fa39f0ee34d558d972ab192901c9ca62_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
fa39f0ee34d558d972ab192901c9ca62_JaffaCakes118
-
Size
77KB
-
MD5
fa39f0ee34d558d972ab192901c9ca62
-
SHA1
6a742c21728ecad9781e465034f0653889a1e9ad
-
SHA256
bf89dae393e83aaa42efbbb88417bd9aaa7bbcfc47dd564e9367aa2db0822a03
-
SHA512
cbd89ff63756d3e46e8190968f0b2a5bbc25ae4d616857135b1e860c1c46fbdeec696257f6392fe95dedb3db468c5964b70d3d28e02d3bbf5eeffc744f1dd691
-
SSDEEP
1536:GCesb1DS6HUTn5Dof9VOQA1/TOfXRN6dZBbM+eqRPj57FulH:GkogW58f9V01qf/4deqR71FulH
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-