General
-
Target
63f843fa463b6804e46ad0271e46d90e_JaffaCakes118
-
Size
199KB
-
Sample
240722-t9gcesxbkg
-
MD5
63f843fa463b6804e46ad0271e46d90e
-
SHA1
b8fdd784e24203c4cc3e721920f12572a2abef34
-
SHA256
4fd528cc0a8a6464b9609f56da5be763d58410bed0c740860eeeafda10d7e7fc
-
SHA512
68b4a98a1eba959c3fd2b81a30a8d4da8ad039cb301b217f55f5954164add9b28458970110b7008356f2ecd7f66a59e6fcbd6a1039214b1f33d25ea3d8542954
-
SSDEEP
3072:WZJXuVBeTMqzaNKXhdPlWh+4wQEbK/Xmi2GKp8zHHr154Nsb2P3O:WbXuVBeJvxdgPFSfi23KzHL15413
Behavioral task
behavioral1
Sample
63f843fa463b6804e46ad0271e46d90e_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
63f843fa463b6804e46ad0271e46d90e_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
63f843fa463b6804e46ad0271e46d90e_JaffaCakes118
-
Score
10/10
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-