General
-
Target
1c228b24c705b36c5f791d788ca3d391_JaffaCakes118
-
Size
292KB
-
Sample
240701-xl8zbatfje
-
MD5
1c228b24c705b36c5f791d788ca3d391
-
SHA1
c2e503d2c8f911e0a520d702772f96c00ab611ba
-
SHA256
40976619899943690686051faa55e20f8fd832677e1b543590275222ed4b92b6
-
SHA512
6f82a57b9ed40046a4f7d62ae7ee2c7fc875d7dbf23f342af27df9c2b63fe76c4b00fd2c8b35f1bf64b6db4ba99ae8b9661b4c3a90698e6a5d5dfa3413def0ef
-
SSDEEP
6144:DCHe6bLDtO3y1wqtafwGwwvP6bQ7yMP+DE8276p7zUDAddrB6:Ke4tDofw26b7MP+Dd2mNzU6V6
Static task
static1
Behavioral task
behavioral1
Sample
1c228b24c705b36c5f791d788ca3d391_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
1c228b24c705b36c5f791d788ca3d391_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
1c228b24c705b36c5f791d788ca3d391_JaffaCakes118
-
Size
292KB
-
MD5
1c228b24c705b36c5f791d788ca3d391
-
SHA1
c2e503d2c8f911e0a520d702772f96c00ab611ba
-
SHA256
40976619899943690686051faa55e20f8fd832677e1b543590275222ed4b92b6
-
SHA512
6f82a57b9ed40046a4f7d62ae7ee2c7fc875d7dbf23f342af27df9c2b63fe76c4b00fd2c8b35f1bf64b6db4ba99ae8b9661b4c3a90698e6a5d5dfa3413def0ef
-
SSDEEP
6144:DCHe6bLDtO3y1wqtafwGwwvP6bQ7yMP+DE8276p7zUDAddrB6:Ke4tDofw26b7MP+Dd2mNzU6V6
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Executes dropped EXE
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-