General
Target: 189ff481b8f862fe67b02af6f0d533a0_JaffaCakes118
Size: 18.2MB
Sample: 240628-d26dks1hkp
MD5: 189ff481b8f862fe67b02af6f0d533a0
SHA1: e4579a6e05c59eb973703944a943fbaddc287155
SHA256: 61631244fa556477610c385b41bec8a1b6259345bd9fc243d1b896da15cb84c3
SHA512: 0bd21542f42f023698d3be71d73ff49778960ae571118b0018de5da8cac7f74fe962db57e6d83fd210fee3417a7c28bb1217a7f4464d129cff9ced4f30be9184
SSDEEP: 196608:Mv2TXJg8OS3Cz56M7iowftxmX9xnkj/nvtY9ae41j5:MeTXJFOS3Cz56OioetxGa/nWI7
Static task: static1
Behavioral task: behavioral1
  Sample: 189ff481b8f862fe67b02af6f0d533a0_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 189ff481b8f862fe67b02af6f0d533a0_JaffaCakes118.exe
  Resource: win10v2004-20240611-en
Malware Config
Extracted: metasploit
  windows/shell_reverse_tcp
  192.168.1.9:4444
Targets
Target: 189ff481b8f862fe67b02af6f0d533a0_JaffaCakes118
Size: 18.2MB
(MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
Score: 10/10

Signatures
MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.