General
-
Target
06a1130ed8cc328b84f678410f54bf58_JaffaCakes118
-
Size
536KB
-
Sample
240620-raf69svgrq
-
MD5
06a1130ed8cc328b84f678410f54bf58
-
SHA1
310319f2d9f459e2d347f72c1b68b7176609ef45
-
SHA256
9599cee6a43dc50db2fa1e68e5571efcccca314f59bd42b6c08706ad6d41bbf5
-
SHA512
5ae9e0daf931d9b8e11b9c73d40f5fb6e6d8f25391d69ff54db67c89fb76a7a33ecf90f2decbb64c81960a0a9a8fa614c2af6c76fb62d6afbcd1b0eaf0e3f43f
-
SSDEEP
12288:Jpb/ir7hhARq3/T4GHQSRvJ/ulYPCz+HavEwEQFrN:Jt/ir7bAK/ZFMlY8+HN9w
Behavioral task
behavioral1
Sample
06a1130ed8cc328b84f678410f54bf58_JaffaCakes118.exe
Resource
win7-20240508-en
Malware Config
Extracted
metasploit
encoder/fnstenv_mov
Targets
-
-
Target
06a1130ed8cc328b84f678410f54bf58_JaffaCakes118
-
Size
536KB
-
MD5
06a1130ed8cc328b84f678410f54bf58
-
SHA1
310319f2d9f459e2d347f72c1b68b7176609ef45
-
SHA256
9599cee6a43dc50db2fa1e68e5571efcccca314f59bd42b6c08706ad6d41bbf5
-
SHA512
5ae9e0daf931d9b8e11b9c73d40f5fb6e6d8f25391d69ff54db67c89fb76a7a33ecf90f2decbb64c81960a0a9a8fa614c2af6c76fb62d6afbcd1b0eaf0e3f43f
-
SSDEEP
12288:Jpb/ir7hhARq3/T4GHQSRvJ/ulYPCz+HavEwEQFrN:Jt/ir7bAK/ZFMlY8+HN9w
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Drops file in System32 directory
-