General

Target: 14419a418849fc6c85a300951e5e78a7_JaffaCakes118
Size: 195KB
Sample: 240627-b9x13awfqb
MD5: 14419a418849fc6c85a300951e5e78a7
SHA1: 999efdabbd5625d6aa2f039a911256030a7074c4
SHA256: 52e9e58c2ecfde3a752621ff159bbb34f648820ec1b70c97c0c1684e6721940e
SHA512: 7a8ec141774f7bb11e55c7c3586b8c7ff53061b723c1bfa6f9dc83f0457feb3cc9893fbaae37173ebc76d229c5907962212442a4399b253d9a6ef305e7c98ff4
SSDEEP: 3072:r9RcChXSC7+U1DBQO3S4cAA4JuCP30e0u1139tP4feISqf1wRbBHLRmmkD:9xymB7CQJ5PE9uP3zDISqf1wR9Ha
Static task: static1

Behavioral task: behavioral1
Sample: 14419a418849fc6c85a300951e5e78a7_JaffaCakes118.exe
Resource: win7-20231129-en

Behavioral task: behavioral2
Sample: 14419a418849fc6c85a300951e5e78a7_JaffaCakes118.exe
Resource: win10v2004-20240611-en
Malware Config

Extracted: metasploit
encoder/call4_dword_xor

The extracted config identifies the payload as having been run through Metasploit's x86 call4_dword_xor encoder: the payload body is XORed one dword at a time with a 4-byte key, and a short decoder stub is prepended that finds its own address with a call $+4 / pop esi trick and then loops over the body undoing the XOR. The report names the encoder only; it does not say which Metasploit payload was encoded.
Targets

Target: 14419a418849fc6c85a300951e5e78a7_JaffaCakes118 (195KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Score: 10/10

Signatures:
- MetaSploit: detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or a similar tool.
- Checks computer location settings: looks up the country code configured in the registry, likely used as a geofence check.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry: disk information is often read to detect sandbox environments.
- Drops file in System32 directory
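The two facts a practitioner would want to act on from this report are the file hashes and the encoder name. The script below is an added example (not code from the report or from the sandbox vendor): it checks a blob against the MD5/SHA1/SHA256 published above, and it scans a buffer for the decoder stub that Metasploit's x86 call4_dword_xor encoder prepends, recovering the block count and XOR key and decoding the body. The stub byte layout is assumed to be the common `sub ecx, imm8`/`imm32` form; msfvenom can emit other encodings of that instruction when bad characters forbid these. The test payload, key and surrounding bytes are constructed for the example and are not taken from the sample.

```python
"""Offline checks for the report above: IOC hash match and a scanner/decoder
for Metasploit's x86 call4_dword_xor decoder stub (added example, not report code)."""
import hashlib
import re
import struct

# Digests copied from the report; everything else in this file is constructed.
REPORTED_HASHES = {
    "md5": "14419a418849fc6c85a300951e5e78a7",
    "sha1": "999efdabbd5625d6aa2f039a911256030a7074c4",
    "sha256": "52e9e58c2ecfde3a752621ff159bbb34f648820ec1b70c97c0c1684e6721940e",
}

def matches_reported_hashes(data: bytes) -> dict:
    """Map each reported algorithm to True/False for the supplied bytes."""
    return {alg: hashlib.new(alg, data).hexdigest() == want
            for alg, want in REPORTED_HASHES.items()}

# Decoder stub emitted by Metasploit's x86/call4_dword_xor encoder (assumed layout:
# the common `sub ecx, imm8/imm32` form; msfvenom may pick other sub encodings
# when bad characters forbid these). The XOR key and block count vary per run,
# so they are captured rather than matched literally.
STUB_RE = re.compile(
    rb"\x31\xc9"                                       # xor ecx, ecx
    rb"(?:\x83\xe9(?P<c8>.)|\x81\xe9(?P<c32>.{4}))"    # sub ecx, -block_count
    rb"\xe8\xff\xff\xff\xff"                           # call $+4 (lands on the last 0xff)
    rb"\xc0"                                           # ...so 'ff c0' executes as inc eax
    rb"\x5e"                                           # pop esi -> address of the 0xc0 byte
    rb"\x81\x76\x0e(?P<key>.{4})"                      # xor dword [esi+0x0e], key
    rb"\x83\xee\xfc"                                   # sub esi, -4
    rb"\xe2\xf4",                                      # loop back to the xor
    re.DOTALL,
)

def _xor_dwords(buf: bytes, key: int) -> bytes:
    """XOR a 4-byte-aligned buffer dword by dword (little-endian), as the stub does."""
    return b"".join(struct.pack("<I", struct.unpack("<I", buf[i:i + 4])[0] ^ key)
                    for i in range(0, len(buf), 4))

def call4_dword_xor_encode(payload: bytes, key: int) -> bytes:
    """Build stub + encoded body the way the encoder does; used here for test input."""
    padded = payload + b"\x00" * (-len(payload) % 4)   # last block is zero-padded to 4 bytes
    count = len(padded) // 4
    if count <= 128:
        sub = b"\x83\xe9" + struct.pack("<b", -count)   # sub ecx, imm8 (sign-extended)
    else:
        sub = b"\x81\xe9" + struct.pack("<i", -count)   # sub ecx, imm32
    stub = (b"\x31\xc9" + sub + b"\xe8\xff\xff\xff\xff" + b"\xc0" + b"\x5e"
            + b"\x81\x76\x0e" + struct.pack("<I", key) + b"\x83\xee\xfc" + b"\xe2\xf4")
    return stub + _xor_dwords(padded, key)

def find_call4_dword_xor(data: bytes) -> list:
    """Locate every stub in `data`, recover count and key, and decode the body."""
    hits = []
    for m in STUB_RE.finditer(data):
        if m.group("c8") is not None:
            count = -struct.unpack("<b", m.group("c8"))[0]
        else:
            count = -struct.unpack("<i", m.group("c32"))[0]
        body = data[m.end(): m.end() + 4 * count]
        if count <= 0 or len(body) != 4 * count:
            continue                                    # truncated or nonsensical stub
        key = struct.unpack("<I", m.group("key"))[0]
        hits.append({"offset": m.start(), "count": count, "key": key,
                     "decoded": _xor_dwords(body, key)})
    return hits

# Constructed stand-in payload (int3 sled + ret); not the sample's real payload.
SAMPLE_PAYLOAD = b"\xcc" * 6 + b"\xc3"
SAMPLE_KEY = 0xA1B2C3D4

def demo() -> dict:
    """Embed an encoded blob between junk bytes and show the scanner recovers it."""
    blob = b"MZ\x90\x00" * 4 + call4_dword_xor_encode(SAMPLE_PAYLOAD, SAMPLE_KEY) + b"\x00" * 8
    return {"hits": find_call4_dword_xor(blob), "hash_match": matches_reported_hashes(blob)}

if __name__ == "__main__":
    r = demo()
    for h in r["hits"]:
        print(f"stub @ {h['offset']:#x} count={h['count']} key={h['key']:#010x} "
              f"decoded={h['decoded'].hex()}")
    print("matches report hashes:", r["hash_match"])
```

Run it against a dumped process region or the unpacked section of the executable rather than the packed file as a whole; the stub is only visible where the encoded payload sits in plain bytes. Because the encoder zero-pads the final block, the decoded output can carry up to three trailing null bytes beyond the original payload.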