General
Target: 07786af484910b83e5d1a703fcc78a7d_JaffaCakes118
Size: 166KB
Sample: 240620-tbcatavhre
MD5: 07786af484910b83e5d1a703fcc78a7d
SHA1: 9a02cc979781606cdc17594018738b40f8753443
SHA256: 84027a6a3706c9a534a3bde965a7f328b11175d49036cb4cca03e3e5ec7cae46
SHA512: 1c296e339fc6b60ecdfe6efb742e55cf6bb6decc00ced260d4a65796228bcf77e010e452cfe9a153ade43b528dbfa0a74c340fc766ef8262450f8a15c2dc2f8f
SSDEEP: 1536:uvzeEKYKMrwkqEt23XSLg146R6eXGeIArIi8x5OfPotdERcpKuZFST1BXItc2DoD:uLqEt236W46Tp2ioMPRcKwm3kknMw
Static task: static1
Behavioral task: behavioral1
  Sample: 07786af484910b83e5d1a703fcc78a7d_JaffaCakes118.exe
  Resource: win7-20240419-en
Behavioral task: behavioral2
  Sample: 07786af484910b83e5d1a703fcc78a7d_JaffaCakes118.exe
  Resource: win10v2004-20240508-en
Malware Config
Extracted: metasploit (encoder/call4_dword_xor)
Targets
Score: 10/10
Signatures:
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of SetThreadContext