General
-
Target
00e93b6e2f202e44c0a4a7c9c52c18aa_JaffaCakes118
-
Size
47KB
-
Sample
240619-2jae7azajj
-
MD5
00e93b6e2f202e44c0a4a7c9c52c18aa
-
SHA1
0f9cda3c5c86f6338105fce6590e37d59c7d5dfb
-
SHA256
bc512c8393f709719f71781dc7fceeb447d7105f3dbb43269ae31dd645443138
-
SHA512
dc5af8f8867f94e7092d4654e5e4eb6397e1eab8de78de90a307ccba4b1402554ad1da6865b9520afa8f0ed7d1c25842d6bc01e37173ee108c703a03e9a482ba
-
SSDEEP
768:q3eo4XFnfnZDT/OvrIGvSOWLXuth2niMQ1zaq1JJCJGV10pzI24/k7bAgIsQ73Rq:q3H4Vn/ZD6vkG/N3L1J7XeF/bfIT7R+/
Static task
static1
Behavioral task
behavioral1
Sample
00e93b6e2f202e44c0a4a7c9c52c18aa_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
00e93b6e2f202e44c0a4a7c9c52c18aa_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
metasploit
encoder/fnstenv_mov
Targets
Target
00e93b6e2f202e44c0a4a7c9c52c18aa_JaffaCakes118
-
Score
10/10
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Deletes itself
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-