General
-
Target
d7016e3657908fbdefe1c71a5f20782a_JaffaCakes118
-
Size
40KB
-
Sample
240909-yre4vsxcml
-
MD5
d7016e3657908fbdefe1c71a5f20782a
-
SHA1
0a8dac63cc30d6672e04e49585360405ff650b06
-
SHA256
5c66a87307c47fe5a74af25f344583911feae4f689683d2be6f1ee46ea4284af
-
SHA512
cb9abbccb0dec8eb85a13dacafa6b2825364ccb9f30343b42a4b2b283558bf38672c8af91a25878a9870982824d50a3d5c5962ddb874f70a268eefd9cb69771c
-
SSDEEP
768:EDY5PRz6m20rubTtR6weprYwbRCMa8f+gsyDYm:R9R+OKPQpswbLz+vm
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
d7016e3657908fbdefe1c71a5f20782a_JaffaCakes118
-
Size
40KB
-
MD5
d7016e3657908fbdefe1c71a5f20782a
-
SHA1
0a8dac63cc30d6672e04e49585360405ff650b06
-
SHA256
5c66a87307c47fe5a74af25f344583911feae4f689683d2be6f1ee46ea4284af
-
SHA512
cb9abbccb0dec8eb85a13dacafa6b2825364ccb9f30343b42a4b2b283558bf38672c8af91a25878a9870982824d50a3d5c5962ddb874f70a268eefd9cb69771c
-
SSDEEP
768:EDY5PRz6m20rubTtR6weprYwbRCMa8f+gsyDYm:R9R+OKPQpswbLz+vm
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Adds Run key to start application
-