General
-
Target
70a8038d189039d79e851fdad6e1b021_JaffaCakes118
-
Size
259KB
-
Sample
240725-wl21bsyekh
-
MD5
70a8038d189039d79e851fdad6e1b021
-
SHA1
44f08b14b5e24e1152887a0355378b33619d80da
-
SHA256
9882dbeab876628893092123d1bf54377780f84cf55fe28fcf1e703fd2ceb3af
-
SHA512
d5a0204b968b0e93c1328b461486daaf5cf0e1ce19edc64b7de73c7ae92147f5714ea5a5c00b4616da15ec0a3a495c69c2f352acced0f3484b9d0fd6d82e9b5c
-
SSDEEP
6144:H0BbAErDlFiPN4dW1TknVkuYfveJKpQDAk/6YjuZbcGo/nM:uvrDaoCmVkuYOJKp+fpOYzPM
Malware Config
Extracted
metasploit
encoder/fnstenv_mov
Targets
-
-
Target
70a8038d189039d79e851fdad6e1b021_JaffaCakes118
-
Size
259KB
-
MD5
70a8038d189039d79e851fdad6e1b021
-
SHA1
44f08b14b5e24e1152887a0355378b33619d80da
-
SHA256
9882dbeab876628893092123d1bf54377780f84cf55fe28fcf1e703fd2ceb3af
-
SHA512
d5a0204b968b0e93c1328b461486daaf5cf0e1ce19edc64b7de73c7ae92147f5714ea5a5c00b4616da15ec0a3a495c69c2f352acced0f3484b9d0fd6d82e9b5c
-
SSDEEP
6144:H0BbAErDlFiPN4dW1TknVkuYfveJKpQDAk/6YjuZbcGo/nM:uvrDaoCmVkuYOJKp+fpOYzPM
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-