General
-
Target
088c14ef29c2148b1424f2b2cc3dc8ba_JaffaCakes118
-
Size
100KB
-
Sample
240624-pth4vswclj
-
MD5
088c14ef29c2148b1424f2b2cc3dc8ba
-
SHA1
0de2e6d4e3ce5a447ac166b4f7afcd0fd8f77932
-
SHA256
3655207cb587d1ecc0c207b69c7f808b0d15e31cf8613de91dedb1b365210a65
-
SHA512
93c7d5c2c02863ca1440d31e35d54699d5398a516583e6ab195b6e3a85df6c9d5f301388a168191c88891c207fe15512b83cb9d8bb403924f9a22c7eaf9b0fd6
-
SSDEEP
1536:6tKOKXcN69y3AIXXLThstIUODYYF7g/N6P4SX4s4ASyV3ZBDruma:62XcNCy3AIXXfhstT1jN6gQSWX1a
Static task
static1
Behavioral task
behavioral1
Sample
088c14ef29c2148b1424f2b2cc3dc8ba_JaffaCakes118.dll
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
088c14ef29c2148b1424f2b2cc3dc8ba_JaffaCakes118.dll
Resource
win10v2004-20240508-en
Malware Config
Extracted
metasploit
windows/reverse_nonx_tcp
192.168.1.10:4444
Targets
-
-
Target
088c14ef29c2148b1424f2b2cc3dc8ba_JaffaCakes118
-
Size
100KB
-
MD5
088c14ef29c2148b1424f2b2cc3dc8ba
-
SHA1
0de2e6d4e3ce5a447ac166b4f7afcd0fd8f77932
-
SHA256
3655207cb587d1ecc0c207b69c7f808b0d15e31cf8613de91dedb1b365210a65
-
SHA512
93c7d5c2c02863ca1440d31e35d54699d5398a516583e6ab195b6e3a85df6c9d5f301388a168191c88891c207fe15512b83cb9d8bb403924f9a22c7eaf9b0fd6
-
SSDEEP
1536:6tKOKXcN69y3AIXXLThstIUODYYF7g/N6P4SX4s4ASyV3ZBDruma:62XcNCy3AIXXfhstT1jN6gQSWX1a
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Uses Session Manager for persistence
Creates Session Manager registry key to run executable early in system boot.
-
Drops file in System32 directory
-