General
-
Target
fc1707fcb742d93bf0f7808fb8d2e556_JaffaCakes118
-
Size
596KB
-
Sample
240420-gsnnysah9x
-
MD5
fc1707fcb742d93bf0f7808fb8d2e556
-
SHA1
c0ca459a87ec8a5257108876bc8e7acf42638126
-
SHA256
1d7cee63803dcd2695a0495e91a8a116cf57c2fcea60233ab15a3dc60d26bae1
-
SHA512
1d37de1f777adb7b3a3ce89fa165410178c3f125de53a24f7f622f128c0ac35d94133ff0b9932a11aa6203849b964799007a6a4ddf18608726062860d2747fd7
-
SSDEEP
6144:3f3KJtXH9d13vggfomhE2UfMxebJtgx+bqcmN9RZX5NQ3B7O:3mtNd1RQm6NKGJaxUAN5X5qx
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
fc1707fcb742d93bf0f7808fb8d2e556_JaffaCakes118
-
Size
596KB
-
MD5
fc1707fcb742d93bf0f7808fb8d2e556
-
SHA1
c0ca459a87ec8a5257108876bc8e7acf42638126
-
SHA256
1d7cee63803dcd2695a0495e91a8a116cf57c2fcea60233ab15a3dc60d26bae1
-
SHA512
1d37de1f777adb7b3a3ce89fa165410178c3f125de53a24f7f622f128c0ac35d94133ff0b9932a11aa6203849b964799007a6a4ddf18608726062860d2747fd7
-
SSDEEP
6144:3f3KJtXH9d13vggfomhE2UfMxebJtgx+bqcmN9RZX5NQ3B7O:3mtNd1RQm6NKGJaxUAN5X5qx
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-