General
-
Target
290768080468426ca60b70c19c50865e_JaffaCakes118
-
Size
4.5MB
-
Sample
240706-v7w6jazaqd
-
MD5
290768080468426ca60b70c19c50865e
-
SHA1
d02fa1633b534ecec5837118ead0df66595f3707
-
SHA256
9e2efe27d84bb94392d14224c550b9969c8a9198efb38069bf5a5625e53adcdb
-
SHA512
1e51d09ccbedfad4e3ba852dc8d7179e423ddd987b04e1e41a747c090075e1baeb1a90bc271097dd32e4bb425c0f0121bb7962d10ef7886d1aea71dae129ac6e
-
SSDEEP
98304:pYLX2uBXwyIX2Nsqgh0E20CSoOzveMRCKGcc8O1A0OBGybe1yTD7NvL:ImxX2kZ2F5bJxjA0yQC7VL
Static task
static1
Behavioral task
behavioral1
Sample
290768080468426ca60b70c19c50865e_JaffaCakes118.exe
Resource
win7-20240508-en
Malware Config
Extracted
metasploit
encoder/fnstenv_mov
Targets
-
Target
290768080468426ca60b70c19c50865e_JaffaCakes118
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Modifies security service
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Loads dropped DLL
-
Drops file in System32 directory
-