General

Target: fa8a468a9ba7c90e58da7e57857a2d1f_JaffaCakes118
Size: 320KB
Sample: 240419-r789bafa95
MD5: fa8a468a9ba7c90e58da7e57857a2d1f
SHA1: 974a20b74503ab4fd7bb6c62be0d5cd5735b30e9
SHA256: 7b6674bbde714e1285fa64caecc1f9d90e3ca8ac1a8f01035e1ef9afcfb54eaf
SHA512: 3f86bac8570fa01baf5ab6443e2c9778527604ece45632de5143eb58d169b0d36ea9f8db404db61642fa78888cb2ba9fc958da13ba700328af5f20a819fc63a0
SSDEEP: 3072:SsdCmcW91L/RFQSAZVyv6mPwyYqk9Pxqk6hx5E/0a:tNc29/RFjAywCk9H6hx5E/0
Static task: static1

Behavioral task: behavioral1
Sample: fa8a468a9ba7c90e58da7e57857a2d1f_JaffaCakes118.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: fa8a468a9ba7c90e58da7e57857a2d1f_JaffaCakes118.exe
Resource: win10v2004-20240412-en
Malware Config

Extracted: metasploit
Payload: windows/shell_reverse_tcp
C2: 192.168.0.125:4444
Targets
Target: fa8a468a9ba7c90e58da7e57857a2d1f_JaffaCakes118
Size: 320KB
Hashes: MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General
Score: 10/10

Signatures:
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext