General
Target: 294ab5b0fa70267a4acc6c65d9b16988_JaffaCakes118
Size: 214KB
Sample: 240706-xrrxzs1anq
MD5: 294ab5b0fa70267a4acc6c65d9b16988
SHA1: 5b2052251fbdbcf27d332c82283a47a52bd20b62
SHA256: b59dc23a9ddfe1d442a553dcdf0213490326ddd695b06334827fe82c2ed0ed06
SHA512: ef7b5e7d9354b6c448ca4432063d60d58053f7958b7040f18dc9404f6b080f114dbf12fa4f472bad7bd326444a14d49efa88feff463e99801c17413a6e3b1def
SSDEEP: 6144:SH2eDEnF52e7Kag+l8PiVNpkMKPdnB1N/FjzhNf:SWOE6e7fgvENprK3LFjLf
Static task: static1
Behavioral task: behavioral1
  Sample: 294ab5b0fa70267a4acc6c65d9b16988_JaffaCakes118.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 294ab5b0fa70267a4acc6c65d9b16988_JaffaCakes118.exe
  Resource: win10v2004-20240508-en
Malware Config
Extracted: metasploit
  encoder/call4_dword_xor
Targets
Target: 294ab5b0fa70267a4acc6c65d9b16988_JaffaCakes118
Score: 10/10
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of SetThreadContext