General
-
Target
d225c1dfd8ef7a228e1053315690de1d_JaffaCakes118
-
Size
939KB
-
Sample
240907-rsc8bszhjc
-
MD5
d225c1dfd8ef7a228e1053315690de1d
-
SHA1
3347026a2e1fd3d6a86deb411df438e7815b6b72
-
SHA256
9cbe88f84a0eb0c6dd6dc66d636e2b9e83e14e0de932db0bdb0fbaf55375b27e
-
SHA512
4a0afe02aa17ba90e5d7e8b8b95ca53e95e16ed92576805d39d13b1e9569c096833a4c85872386e4f5ef99b6d155c1625c1b30d1a895916b56cbb2a1edd965ba
-
SSDEEP
24576:ECwEfwHLeiaM1LH0c/6ehfEyX7TBmwoc5gQ0B:EefIKwR9bnBkb
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
d225c1dfd8ef7a228e1053315690de1d_JaffaCakes118
-
Size
939KB
-
MD5
d225c1dfd8ef7a228e1053315690de1d
-
SHA1
3347026a2e1fd3d6a86deb411df438e7815b6b72
-
SHA256
9cbe88f84a0eb0c6dd6dc66d636e2b9e83e14e0de932db0bdb0fbaf55375b27e
-
SHA512
4a0afe02aa17ba90e5d7e8b8b95ca53e95e16ed92576805d39d13b1e9569c096833a4c85872386e4f5ef99b6d155c1625c1b30d1a895916b56cbb2a1edd965ba
-
SSDEEP
24576:ECwEfwHLeiaM1LH0c/6ehfEyX7TBmwoc5gQ0B:EefIKwR9bnBkb
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-