General
-
Target
ff353dc46aaaeb657fc490c0697b2ceb_JaffaCakes118
-
Size
519KB
-
Sample
240421-nypa1aae52
-
MD5
ff353dc46aaaeb657fc490c0697b2ceb
-
SHA1
7ec9b7f9589f6313d86ed69669b908e4c2b49fd0
-
SHA256
61ffa4beb7f207c23c2584827c2c6c94d6e46e209fd47b736d5536adee897348
-
SHA512
c18612e4ccd5c9fc40d3198cb05d900538920f83e13e9d519a906867a9c737027c9700dd6c5495d7574138996fe1380e290ab29521bbfe608534d7864f9d81cf
-
SSDEEP
12288:aOZBsAJULcGGfNH3YWklUIvrA6Zabs4uybJ2m:QAZJopavbV
Static task
static1
Behavioral task
behavioral1
Sample
ff353dc46aaaeb657fc490c0697b2ceb_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
ff353dc46aaaeb657fc490c0697b2ceb_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
ff353dc46aaaeb657fc490c0697b2ceb_JaffaCakes118
-
Size
519KB
-
MD5
ff353dc46aaaeb657fc490c0697b2ceb
-
SHA1
7ec9b7f9589f6313d86ed69669b908e4c2b49fd0
-
SHA256
61ffa4beb7f207c23c2584827c2c6c94d6e46e209fd47b736d5536adee897348
-
SHA512
c18612e4ccd5c9fc40d3198cb05d900538920f83e13e9d519a906867a9c737027c9700dd6c5495d7574138996fe1380e290ab29521bbfe608534d7864f9d81cf
-
SSDEEP
12288:aOZBsAJULcGGfNH3YWklUIvrA6Zabs4uybJ2m:QAZJopavbV
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Drops file in System32 directory
-