General
-
Target
1d3209d60e33ec86ddcf0cd569132c99_JaffaCakes118
-
Size
151KB
-
Sample
240702-bcl8asthmm
-
MD5
1d3209d60e33ec86ddcf0cd569132c99
-
SHA1
699b70b9d1b5f6cfed21f9cc3e3361f8f00a2292
-
SHA256
c82e1dde36a2a75cbc86b475f072ecff05f77fd874c89d059c85836ff539fd06
-
SHA512
1f393be5025d829bf4404453ecec1823749dd06d3380ea400d564a38cb291f6b2c70326f3c44d9813c4c0aa9315a018438844983c36555e6585586b1a757537b
-
SSDEEP
3072:XpTRBSXcKETiLb1PnX+3xDmm+jV5JiOxFBWESCGRtexmqQY9:XpeXcKEwZPX+3xqmCVbisEEwRw3
Static task
static1
Behavioral task
behavioral1
Sample
1d3209d60e33ec86ddcf0cd569132c99_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
1d3209d60e33ec86ddcf0cd569132c99_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
1d3209d60e33ec86ddcf0cd569132c99_JaffaCakes118
-
Size
151KB
-
MD5
1d3209d60e33ec86ddcf0cd569132c99
-
SHA1
699b70b9d1b5f6cfed21f9cc3e3361f8f00a2292
-
SHA256
c82e1dde36a2a75cbc86b475f072ecff05f77fd874c89d059c85836ff539fd06
-
SHA512
1f393be5025d829bf4404453ecec1823749dd06d3380ea400d564a38cb291f6b2c70326f3c44d9813c4c0aa9315a018438844983c36555e6585586b1a757537b
-
SSDEEP
3072:XpTRBSXcKETiLb1PnX+3xDmm+jV5JiOxFBWESCGRtexmqQY9:XpeXcKEwZPX+3xqmCVbisEEwRw3
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-