General
-
Target
e5187b2eec6ce7f9292bfb9a0b835e4c_JaffaCakes118
-
Size
722KB
-
Sample
241212-g5mmestjex
-
MD5
e5187b2eec6ce7f9292bfb9a0b835e4c
-
SHA1
111fe31ba8ebdd73029041c924388ad60c8befe3
-
SHA256
6719fec4f8363ff695ac4d888b74dc70360bea5be738336d13ded79958b2762d
-
SHA512
aa0de70529c20469a28b83586322ee0018f5e2f896772b4bc5cc32d3782df25645934fe3d9676032a9346b98c9e5c6a3d0bdea086991ba3666566c382f483119
-
SSDEEP
12288:1aaRrhY8+ttdfix6GzpXafQwbgCXGRQQnbsKR9XDEONdTaxbzk/EK4FRTrVb4TYS:IUMtt3+4YwbgCWalKvXNMpznpRTr94Tl
Static task
static1
Behavioral task
behavioral1
Sample
e5187b2eec6ce7f9292bfb9a0b835e4c_JaffaCakes118.exe
Resource
win7-20240903-en
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
e5187b2eec6ce7f9292bfb9a0b835e4c_JaffaCakes118
-
Size
722KB
-
MD5
e5187b2eec6ce7f9292bfb9a0b835e4c
-
SHA1
111fe31ba8ebdd73029041c924388ad60c8befe3
-
SHA256
6719fec4f8363ff695ac4d888b74dc70360bea5be738336d13ded79958b2762d
-
SHA512
aa0de70529c20469a28b83586322ee0018f5e2f896772b4bc5cc32d3782df25645934fe3d9676032a9346b98c9e5c6a3d0bdea086991ba3666566c382f483119
-
SSDEEP
12288:1aaRrhY8+ttdfix6GzpXafQwbgCXGRQQnbsKR9XDEONdTaxbzk/EK4FRTrVb4TYS:IUMtt3+4YwbgCWalKvXNMpznpRTr94Tl
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
Drops file in Drivers directory
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-