General

Target: 1b6f0180f590096ad64577b9f88692c2_JaffaCakes118
Size: 132KB
Sample: 240701-qgagmaxanp
MD5: 1b6f0180f590096ad64577b9f88692c2
SHA1: a8e7a592705c2620a0d300d5b7be778fe37f1c64
SHA256: 09bda9bc0821d5576c8b2c9f506333b7ca4bf210016cf76063c20ec0820de71c
SHA512: 971dbef8b41624f18d140d211b0f93cb6ef7b9630f180ff5f995181cc2c73d3c1ea79fd7da9c0a0dd023b7e0f21b92661d639a0b00e4b6e8cb2572064dd33099
SSDEEP: 1536:33oH7x3kI3mTfPhcQ2QDOFbhSUA9GdPNHeARsV/HWyLcub7FLMejUV2JeHNsUEE:noqOLQDOTn8kV5sV/2yLz7FLHoaUl
Static task: static1

Behavioral task: behavioral1
Sample: 1b6f0180f590096ad64577b9f88692c2_JaffaCakes118.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 1b6f0180f590096ad64577b9f88692c2_JaffaCakes118.exe
Resource: win10v2004-20240508-en
Malware Config

Extracted
Family: metasploit
Encoder: encoder/call4_dword_xor
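The extracted config names Metasploit's x86 call4_dword_xor encoder, which prepends a short decoder stub and XORs the payload with one constant 32-bit key, one dword at a time. The block below is an added example (not code from the sandbox or from Metasploit) that locates that stub in a byte blob, pulls the key out of the `xor dword [esi+0x0e], key` instruction and decodes what follows. The stub bytes are written from my reading of the encoder's Ruby source and should be checked against your Metasploit copy; the `mov ecx, N` loop counter used in `build_sample` is an assumption, as the real encoder emits the counter with varying instruction sequences, which is why the search anchors on the `call`/`pop esi`/`xor` sequence rather than on the counter.

```python
import struct

# Decoder stub of Metasploit's x86/call4_dword_xor encoder, as read from the encoder
# source (assumption: verify against your own Metasploit checkout):
#   e8 ff ff ff ff         call $+4   (jumps onto the last ff byte of the call itself)
#   ff c0                  inc eax
#   5e                     pop esi    (esi = address right after the call)
#   81 76 0e KK KK KK KK   xor dword [esi+0x0e], key
#   83 ee fc               sub esi, -4
#   e2 f4                  loop       (back to the xor)
# esi+0x0e is the first byte after the stub, so the encoded payload starts there.
STUB_BEFORE_KEY = b"\xe8\xff\xff\xff\xff\xff\xc0\x5e\x81\x76\x0e"
STUB_AFTER_KEY = b"\x83\xee\xfc\xe2\xf4"


def find_stub(blob: bytes):
    """Return (key, payload_offset) for the first call4_dword_xor stub in blob, else None."""
    off = blob.find(STUB_BEFORE_KEY)
    if off < 0:
        return None
    key_off = off + len(STUB_BEFORE_KEY)
    tail_off = key_off + 4
    if blob[tail_off:tail_off + len(STUB_AFTER_KEY)] != STUB_AFTER_KEY:
        return None
    key = struct.unpack("<I", blob[key_off:key_off + 4])[0]
    return key, tail_off + len(STUB_AFTER_KEY)


def xor_dwords(data: bytes, key: int) -> bytes:
    """XOR every little-endian dword with the constant key (the encoder's per-block step)."""
    data += b"\x00" * ((-len(data)) % 4)  # pad to a dword boundary (assumed pad byte)
    out = bytearray()
    for (dw,) in struct.iter_unpack("<I", data):
        out += struct.pack("<I", dw ^ key)
    return bytes(out)


def decode(blob: bytes) -> bytes:
    """Strip the stub and return the decoded payload that follows it."""
    found = find_stub(blob)
    if found is None:
        raise ValueError("no call4_dword_xor stub found")
    key, start = found
    return xor_dwords(blob[start:], key)


def build_sample(payload: bytes, key: int) -> bytes:
    """Constructed test input: mov ecx,N counter + stub + XORed payload.
    The plain 'mov ecx, imm32' counter is an assumption; Metasploit varies it."""
    count = (len(payload) + 3) // 4
    counter = b"\xb9" + struct.pack("<I", count)
    return (counter + STUB_BEFORE_KEY + struct.pack("<I", key)
            + STUB_AFTER_KEY + xor_dwords(payload, key))


if __name__ == "__main__":
    sample = build_sample(b"\xcc" * 5 + b"ABCDEFG", 0xDEADBEEF)  # constructed, not the real sample
    key, start = find_stub(sample)
    print(f"key=0x{key:08x} payload_offset={start} decoded={decode(sample).hex()}")
```

To use it on a real sample, hand `decode` the bytes of the section or buffer that the sandbox flagged as the Metasploit payload; if the stub is not found, the encoder was applied more than once or a different encoder was used for the outer layer, and the search needs to start from the layer that actually executes first.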
Targets

Target: 1b6f0180f590096ad64577b9f88692c2_JaffaCakes118
Size: 132KB
(MD5, SHA1, SHA256, SHA512 and SSDEEP are the same as listed under General above)
Score: 10/10

Signatures

- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Adds policy Run key to start application (persistence via Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, a location legitimate software rarely writes)
- Executes dropped EXE
- Adds Run key to start application (persistence via Software\Microsoft\Windows\CurrentVersion\Run)
- Suspicious use of SetThreadContext (an API commonly used for process hollowing and thread-hijacking injection)