General
-
Target
6373450b041a6baebd243c32899c1c23_JaffaCakes118
-
Size
227KB
-
Sample
240722-rbaqwa1bpb
-
MD5
6373450b041a6baebd243c32899c1c23
-
SHA1
2400be9b30b00d0f7c41227130f4886ea34bd3f6
-
SHA256
a62fcb3ae52c25681b2ee552f35d93a6de340c69fd66d9d8271c4fd6cc94e2b8
-
SHA512
7bd3a311e64d7fec23f1261be8c6a38f7008a1b060c549138f0a42d49e56a94c74ab72a395c06acb63083a44e30075e134dc97b419467043453399987b0e94af
-
SSDEEP
3072:KkG4Ek8Ws+KJiotj+74J5luk/xHy7Znb8ivS+f9vgUTQz3uRAaYh3di:lG4Q++oEbIbPvS+fJgzP5di
Static task
static1
Behavioral task
behavioral1
Sample
6373450b041a6baebd243c32899c1c23_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
6373450b041a6baebd243c32899c1c23_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
6373450b041a6baebd243c32899c1c23_JaffaCakes118
-
Size
227KB
-
MD5
6373450b041a6baebd243c32899c1c23
-
SHA1
2400be9b30b00d0f7c41227130f4886ea34bd3f6
-
SHA256
a62fcb3ae52c25681b2ee552f35d93a6de340c69fd66d9d8271c4fd6cc94e2b8
-
SHA512
7bd3a311e64d7fec23f1261be8c6a38f7008a1b060c549138f0a42d49e56a94c74ab72a395c06acb63083a44e30075e134dc97b419467043453399987b0e94af
-
SSDEEP
3072:KkG4Ek8Ws+KJiotj+74J5luk/xHy7Znb8ivS+f9vgUTQz3uRAaYh3di:lG4Q++oEbIbPvS+fJgzP5di
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-