General
-
Target
00c6f606fa8482405c7ee2bcb4de4818_JaffaCakes118
-
Size
532KB
-
Sample
240619-1zybhsybkq
-
MD5
00c6f606fa8482405c7ee2bcb4de4818
-
SHA1
354d8792f2d52b0139f6d452130c8510e0484f00
-
SHA256
7fed56513a518daa3520469b8ea681087f4e601b21ced4bb25564d75d9b37358
-
SHA512
e869863aa200810226ee87717c4dcd70ecdf5d4bd83d7b236c4e9e2cca99cd9e01913f47a233e58536c8c5cf4eb889f73796c4a1717c1d149a812ad9ac262276
-
SSDEEP
12288:3iYv5bpOsXGZc36keHMHFPRD2MzedARika7OJilGDM/kY7kvj:3iYrOBi6MHFg+eCS8G6M/Ry
Static task
static1
Behavioral task
behavioral1
Sample
00c6f606fa8482405c7ee2bcb4de4818_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
00c6f606fa8482405c7ee2bcb4de4818_JaffaCakes118.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
00c6f606fa8482405c7ee2bcb4de4818_JaffaCakes118
-
Size
532KB
-
MD5
00c6f606fa8482405c7ee2bcb4de4818
-
SHA1
354d8792f2d52b0139f6d452130c8510e0484f00
-
SHA256
7fed56513a518daa3520469b8ea681087f4e601b21ced4bb25564d75d9b37358
-
SHA512
e869863aa200810226ee87717c4dcd70ecdf5d4bd83d7b236c4e9e2cca99cd9e01913f47a233e58536c8c5cf4eb889f73796c4a1717c1d149a812ad9ac262276
-
SSDEEP
12288:3iYv5bpOsXGZc36keHMHFPRD2MzedARika7OJilGDM/kY7kvj:3iYrOBi6MHFg+eCS8G6M/Ry
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Drops file in System32 directory
-