General
-
Target
d54ac1a062c584ba2abcc1121bbcf641_JaffaCakes118
-
Size
199KB
-
Sample
241208-fbsqxatkav
-
MD5
d54ac1a062c584ba2abcc1121bbcf641
-
SHA1
d4f760867b05a2012a75b1146d21c4f1f0ba5440
-
SHA256
302f067a1b08356abc25f052ce527a0571d2ed0331ee6c09b91b78ac815cb7b9
-
SHA512
4420e13da6379029533daf5ffc83deb6e0cd1d5116facbd8eb40783580b751c8951272a53634e160f710917ca09b6d5d4cc77c00d54830b199f36a7bd3834674
-
SSDEEP
6144:CpwTh2vAXv8LOXCgRyVyEsUIUFJgOJTjF9i:LTh2IXULANoIUFJgcTXi
Static task
static1
Behavioral task
behavioral1
Sample
d54ac1a062c584ba2abcc1121bbcf641_JaffaCakes118.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
d54ac1a062c584ba2abcc1121bbcf641_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
d54ac1a062c584ba2abcc1121bbcf641_JaffaCakes118
-
Size
199KB
-
MD5
d54ac1a062c584ba2abcc1121bbcf641
-
SHA1
d4f760867b05a2012a75b1146d21c4f1f0ba5440
-
SHA256
302f067a1b08356abc25f052ce527a0571d2ed0331ee6c09b91b78ac815cb7b9
-
SHA512
4420e13da6379029533daf5ffc83deb6e0cd1d5116facbd8eb40783580b751c8951272a53634e160f710917ca09b6d5d4cc77c00d54830b199f36a7bd3834674
-
SSDEEP
6144:CpwTh2vAXv8LOXCgRyVyEsUIUFJgOJTjF9i:LTh2IXULANoIUFJgcTXi
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-