General
-
Target
JaffaCakes118_439abb5df2d8d0f569f194fe9446d85d
-
Size
257KB
-
Sample
250127-zqgrqsvnex
-
MD5
439abb5df2d8d0f569f194fe9446d85d
-
SHA1
46125b0c07853a16b3595d5c597d86c9a6f5c925
-
SHA256
aec0430a38315effaa081593a3092eb9dbb2d33ea654d48fc9c573832430e2ec
-
SHA512
f97d459f160fb72592526d71b41b5ba016490447dc2da025f8125673d37bc79cd33e1202216c39c6827911b4496805ebe8770027e32475b94590ecd132c5b927
-
SSDEEP
6144:mgp+eQp3mWsm9jdUgDToU7uky3XRn/N+8phUZO3gWBkO:Bp+e6WsTN7uN3FLSO3dV
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_439abb5df2d8d0f569f194fe9446d85d.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_439abb5df2d8d0f569f194fe9446d85d.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
JaffaCakes118_439abb5df2d8d0f569f194fe9446d85d
-
Size
257KB
-
MD5
439abb5df2d8d0f569f194fe9446d85d
-
SHA1
46125b0c07853a16b3595d5c597d86c9a6f5c925
-
SHA256
aec0430a38315effaa081593a3092eb9dbb2d33ea654d48fc9c573832430e2ec
-
SHA512
f97d459f160fb72592526d71b41b5ba016490447dc2da025f8125673d37bc79cd33e1202216c39c6827911b4496805ebe8770027e32475b94590ecd132c5b927
-
SSDEEP
6144:mgp+eQp3mWsm9jdUgDToU7uky3XRn/N+8phUZO3gWBkO:Bp+e6WsTN7uN3FLSO3dV
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-