General
-
Target
642a1387e47e54aabbcce4eac243176a_JaffaCakes118
-
Size
1.2MB
-
Sample
240722-wcg9kazdnk
-
MD5
642a1387e47e54aabbcce4eac243176a
-
SHA1
0cdcc9577ff61c6213a270b79fcf2d82add618cf
-
SHA256
cbed51ef851b273eeec5a2b7902f6cb6a0963836c8b4ba4bbf7b5faa6aa4a830
-
SHA512
955648f3f8d107fe19f644969f75f454f730f3bcf43cd59b7bf83953433050c683a686bb62f26369d592c1a3a05785392e43ca87c3227a60653cf8bd8475aa92
-
SSDEEP
12288:eDeq6XQ2xIjrwg8d+G6e2S5Est12EUEYO27NUvLFyImxAuTp:en5rwgxG6TSPGEU7VqvLFyIna
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
642a1387e47e54aabbcce4eac243176a_JaffaCakes118
-
Size
1.2MB
-
MD5
642a1387e47e54aabbcce4eac243176a
-
SHA1
0cdcc9577ff61c6213a270b79fcf2d82add618cf
-
SHA256
cbed51ef851b273eeec5a2b7902f6cb6a0963836c8b4ba4bbf7b5faa6aa4a830
-
SHA512
955648f3f8d107fe19f644969f75f454f730f3bcf43cd59b7bf83953433050c683a686bb62f26369d592c1a3a05785392e43ca87c3227a60653cf8bd8475aa92
-
SSDEEP
12288:eDeq6XQ2xIjrwg8d+G6e2S5Est12EUEYO27NUvLFyImxAuTp:en5rwgxG6TSPGEU7VqvLFyIna
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Deletes itself
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-