General
-
Target
f586546746324fa08547a9a5f5732cc1_JaffaCakes118
-
Size
579KB
-
Sample
240417-l46fcsbf38
-
MD5
f586546746324fa08547a9a5f5732cc1
-
SHA1
90e13b0bae0cd8e49c3ad9a265e6d84700556550
-
SHA256
ce5846f5d2f24fc11ba5e5945d943355bfe25607e0e2f57d7a15a867b44ea500
-
SHA512
1d2a93818ffa201abcc3a113d8b1c231657c471cf73c0cf207cf0952e007fae870e10fa608c07d99843cd60440db6cf17cb90947212ff59a49899f04efe7bae4
-
SSDEEP
12288:A8tQ+kjqFVZA6zxtSFOjQnTPi069REv26wX95BXSgCa0E/POePp:A81kjqFkmxtSFOjQTa069REv26wX9DX5
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
f586546746324fa08547a9a5f5732cc1_JaffaCakes118
-
Size
579KB
-
MD5
f586546746324fa08547a9a5f5732cc1
-
SHA1
90e13b0bae0cd8e49c3ad9a265e6d84700556550
-
SHA256
ce5846f5d2f24fc11ba5e5945d943355bfe25607e0e2f57d7a15a867b44ea500
-
SHA512
1d2a93818ffa201abcc3a113d8b1c231657c471cf73c0cf207cf0952e007fae870e10fa608c07d99843cd60440db6cf17cb90947212ff59a49899f04efe7bae4
-
SSDEEP
12288:A8tQ+kjqFVZA6zxtSFOjQnTPi069REv26wX95BXSgCa0E/POePp:A81kjqFkmxtSFOjQTa069REv26wX9DX5
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Drops file in Drivers directory
-
Deletes itself
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-