General
-
Target
fbb58548bfeccd6a4527afe7c54dfb40_JaffaCakes118
-
Size
529KB
-
Sample
240420-crcg3seg8z
-
MD5
fbb58548bfeccd6a4527afe7c54dfb40
-
SHA1
f405d936bfb4765a9dbfcf4f658b097aafdeef6e
-
SHA256
2f4e4271679970807947b1c1bd3d8c8281f1bfbc6a15a1e1dfcfeef5e30b77ca
-
SHA512
9e55ae83a08b12da9cd17cdcf01f2cd12ae9064c4d899f9086bd049764a83a21ce5d18274eb612fea357eca652c44b85ab1996c537b34809884bac4375490db1
-
SSDEEP
12288:IuQR86TZUJgushyTe3Chl9rxdk0ERno19p2N5188AUmxpXu3TdYZZZZZZZZZZZZZ:IuQfTZUJgushh3Cn9ldUY9Qr18TxETOp
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
fbb58548bfeccd6a4527afe7c54dfb40_JaffaCakes118
-
Size
529KB
-
MD5
fbb58548bfeccd6a4527afe7c54dfb40
-
SHA1
f405d936bfb4765a9dbfcf4f658b097aafdeef6e
-
SHA256
2f4e4271679970807947b1c1bd3d8c8281f1bfbc6a15a1e1dfcfeef5e30b77ca
-
SHA512
9e55ae83a08b12da9cd17cdcf01f2cd12ae9064c4d899f9086bd049764a83a21ce5d18274eb612fea357eca652c44b85ab1996c537b34809884bac4375490db1
-
SSDEEP
12288:IuQR86TZUJgushyTe3Chl9rxdk0ERno19p2N5188AUmxpXu3TdYZZZZZZZZZZZZZ:IuQfTZUJgushh3Cn9ldUY9Qr18TxETOp
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Drops file in System32 directory
-