General
-
Target
d71b012cbf49bc4dcda2593bcbe94743_JaffaCakes118
-
Size
124KB
-
Sample
240909-z4qlsssepg
-
MD5
d71b012cbf49bc4dcda2593bcbe94743
-
SHA1
963dc0180df1b8513c4248aa91a83cbfc85b780a
-
SHA256
92554d026b898504b61c1e76db379fac04e178e7b733392f91783b71d1f3e47f
-
SHA512
e7e5737b0e5ab40442686cf71381a35c16421934a3a93c78aeb704d7f4f04d86f8d9af4138f47a0d822ad64e0e188ab78241d74172adfb4c839bb8fdb58614d5
-
SSDEEP
1536:RhqSYtGeGemOBKu9eL5/4weWWzmrn14z7/zstv9ScRIMU/wAGrw1e5aRLW2/:+eVwweWUmr1S7/zw1R/UYAx1GYWO
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
d71b012cbf49bc4dcda2593bcbe94743_JaffaCakes118
-
Size
124KB
-
MD5
d71b012cbf49bc4dcda2593bcbe94743
-
SHA1
963dc0180df1b8513c4248aa91a83cbfc85b780a
-
SHA256
92554d026b898504b61c1e76db379fac04e178e7b733392f91783b71d1f3e47f
-
SHA512
e7e5737b0e5ab40442686cf71381a35c16421934a3a93c78aeb704d7f4f04d86f8d9af4138f47a0d822ad64e0e188ab78241d74172adfb4c839bb8fdb58614d5
-
SSDEEP
1536:RhqSYtGeGemOBKu9eL5/4weWWzmrn14z7/zstv9ScRIMU/wAGrw1e5aRLW2/:+eVwweWUmr1S7/zw1R/UYAx1GYWO
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-