General
-
Target
e6256f36df38ff322c0b24711b6d5000_JaffaCakes118
-
Size
499KB
-
Sample
240917-f7vv5sxbrp
-
MD5
e6256f36df38ff322c0b24711b6d5000
-
SHA1
266a8d7a125acaa482d777ec3fa85f3089cf0213
-
SHA256
5e6b83627c865b767b525832ba2006831ce4e32c7d26e898fb296f5c526e7801
-
SHA512
69b903d67d91a38a33127dbf4e50a47d0788f29cbe6299d863247b15589bdd31c6def8db243477921a6f17a9028c9fa939189e3c0dbeee67cd62557adeafa5da
-
SSDEEP
6144:mmLWonfQer5d4MuTW/ZR7TmoefqXqf+1:1WonfQednuy7+V+
Behavioral task
behavioral1
Sample
e6256f36df38ff322c0b24711b6d5000_JaffaCakes118.exe
Resource
win7-20240903-en
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
e6256f36df38ff322c0b24711b6d5000_JaffaCakes118
Score
10/10
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-