General
Target: 0264a4c736afdac898048967f6e05ee0_JaffaCakes118
Size: 825KB
Sample: 240622-qtd1kszekg
MD5: 0264a4c736afdac898048967f6e05ee0
SHA1: 81ad468d49af92e4d7a58ec45dc366d5fcce8d1e
SHA256: e5f995804c3fdb5042f89fa43c5af9d67ad794b9c9fcd85eddd11be467599627
SHA512: d50b197ebb81d70946ce45ef5c78b609f5819ea4901a2ac1f501ab80e61a2fc70aa4d5c694a9bc25102def3ab3b7c1d49e8aa04667116a924b27a59038ba043f
SSDEEP: 12288:1XrHTWz5AkGaOTTAPWwC3kAH4cdzG7Qd0ynYaJflJy2jhFR5Nl3s2r3eIYQ5yw:djCV0TbL37YKSaJf221F/82r3eJQn
Static task: static1
Behavioral task: behavioral1
Sample: 0264a4c736afdac898048967f6e05ee0_JaffaCakes118.exe
Resource: win7-20240611-en
Behavioral task: behavioral2
Sample: 0264a4c736afdac898048967f6e05ee0_JaffaCakes118.exe
Resource: win10v2004-20240508-en
Malware Config (extracted)
Family: metasploit
Encoder: encoder/call4_dword_xor
Targets
Target: 0264a4c736afdac898048967f6e05ee0_JaffaCakes118 (825KB; hashes as listed under General)
Score: 10/10
Signatures:
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Drops file in Drivers directory
- Deletes itself
- Executes dropped EXE
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger