General
-
Target
01b44dac1a96187bac00987104cd6dae_JaffaCakes118
-
Size
115KB
-
Sample
240622-mqhyksyclp
-
MD5
01b44dac1a96187bac00987104cd6dae
-
SHA1
a0550e12999baa22a96b60684597b7725503cf33
-
SHA256
91d66c85f81834d91cafb1af72537703406b6bdd9f26400f05ce3ff5447e87f2
-
SHA512
dfcd2c1583d8c68b93987152785eda8a0fb1f5c4e1d093d8ae3a6302836fb4a1354e4e78101837c3fe6b0d430992377020c905f35c8039dbf893a5a58df6be59
-
SSDEEP
3072:Cf8wNOO5/bHoUYmxF44UkbZEvoAVlcRfeIuAZymH1Ztw:Cn5dn4rkWgucRfehuj
Static task
static1
Behavioral task
behavioral1
Sample
01b44dac1a96187bac00987104cd6dae_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
01b44dac1a96187bac00987104cd6dae_JaffaCakes118.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
Target
01b44dac1a96187bac00987104cd6dae_JaffaCakes118
-
Score
10/10
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Modifies firewall policy service
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-