General
-
Target
f051ab4e7b5646a97caafe260e99df7b_JaffaCakes118
-
Size
527KB
-
Sample
240921-was82svfpj
-
MD5
f051ab4e7b5646a97caafe260e99df7b
-
SHA1
0f2f7661cfccb9e9ef030b4c7cbcae591c277081
-
SHA256
d9a4c7563632f29fa26548660bd4131faf2cfe5a7fc58564883680018dafee6d
-
SHA512
05140c4e52c1d0ca249d4e62daef86acea6eb0591b7bb9ca05ede05c99d3f9597ad82123bfab1c85d402e7e107df2483151db03f65a00b86878267ced867ba45
-
SSDEEP
12288:VBCrp/biz1OZUvtrZk3lKcKn265pi0F4zv3:VBCrpjiz4OZ+gnp2SWv3
Static task
static1
Behavioral task
behavioral1
Sample
f051ab4e7b5646a97caafe260e99df7b_JaffaCakes118.exe
Resource
win7-20240903-en
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
f051ab4e7b5646a97caafe260e99df7b_JaffaCakes118
-
Size
527KB
-
MD5
f051ab4e7b5646a97caafe260e99df7b
-
SHA1
0f2f7661cfccb9e9ef030b4c7cbcae591c277081
-
SHA256
d9a4c7563632f29fa26548660bd4131faf2cfe5a7fc58564883680018dafee6d
-
SHA512
05140c4e52c1d0ca249d4e62daef86acea6eb0591b7bb9ca05ede05c99d3f9597ad82123bfab1c85d402e7e107df2483151db03f65a00b86878267ced867ba45
-
SSDEEP
12288:VBCrp/biz1OZUvtrZk3lKcKn265pi0F4zv3:VBCrpjiz4OZ+gnp2SWv3
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Drops file in System32 directory
-