General
Target: 8e4646293ca700ee512b53a7f2fe265e_JaffaCakes118
Size: 196KB
Sample: 241104-awvhcaxqbw
MD5: 8e4646293ca700ee512b53a7f2fe265e
SHA1: 0df2bdd7e6c74056a53692aef270d78229516c5f
SHA256: b74cd6f752cefee7830838f1eac40b7d71efcc8c7fef2b375938a6974784ec17
SHA512: 1dc4a941eee2e572e72bc7cdb79048bebbee513ac24912b48027351e6a6a173bc915ec119ccfafe98dc7ec228bb3ec202a5d64b514cb2c08cc61b6bc2c167735
SSDEEP: 6144:VEPQEcsSYBLM/kzjh/Xjp8vi7s9+3DSm4:2PQmSWBXyviE+z
Behavioral task
Task: behavioral1
Sample: 8e4646293ca700ee512b53a7f2fe265e_JaffaCakes118.exe
Resource: win7-20240903-en

Malware Config
Extracted: metasploit
Encoder: encoder/call4_dword_xor
Targets
Target: 8e4646293ca700ee512b53a7f2fe265e_JaffaCakes118
Score: 10/10

MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
Metasploit family
Deletes itself
Executes dropped EXE
Loads dropped DLL
Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
Drops file in System32 directory