General
-
Target
8639abc370f8ad58845083672679deb3_JaffaCakes118
-
Size
204KB
-
Sample
240810-qpb1esvhmd
-
MD5
8639abc370f8ad58845083672679deb3
-
SHA1
32b7d9e6af622479cc348e24c35e0177bd6cca60
-
SHA256
77900796878747b9d2b8bc94df1bb3c3e00324c79756297758087c85d510ec7d
-
SHA512
43f331e464e517713e2dd5f4b944d7686ff0a6196a3d997cf438a2a9a91dcaf41d58f3d1b8faf0d46dbddde44be512cd4d130c5252f0a1c864a32d8f8e08b049
-
SSDEEP
3072:7KA4b44AdKpFPWT12yQTKk+HFEPtN3F3H0Ehry4DzoXWTJtEoRO/:+A4b44AApFuT8yQTKkmEVbVyNXWTAoc
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
8639abc370f8ad58845083672679deb3_JaffaCakes118
-
Size
204KB
-
MD5
8639abc370f8ad58845083672679deb3
-
SHA1
32b7d9e6af622479cc348e24c35e0177bd6cca60
-
SHA256
77900796878747b9d2b8bc94df1bb3c3e00324c79756297758087c85d510ec7d
-
SHA512
43f331e464e517713e2dd5f4b944d7686ff0a6196a3d997cf438a2a9a91dcaf41d58f3d1b8faf0d46dbddde44be512cd4d130c5252f0a1c864a32d8f8e08b049
-
SSDEEP
3072:7KA4b44AdKpFPWT12yQTKk+HFEPtN3F3H0Ehry4DzoXWTJtEoRO/:+A4b44AApFuT8yQTKkmEVbVyNXWTAoc
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-