General
-
Target
d9fd2afebd52b1aa86adbd91ec83a59b_JaffaCakes118
-
Size
144KB
-
Sample
240911-kq21casenb
-
MD5
d9fd2afebd52b1aa86adbd91ec83a59b
-
SHA1
3c2377c1bfa267e8d497d2142c0421e2c3c99060
-
SHA256
a491bb7b55d07d3af972836cf798aa58a327dc7ebfcc7320b2d29586003bf7ea
-
SHA512
e7bc1f8f3311d712494ba2384db965ffb318bdfa61e696a695173d2fefcc78a8a3b70b231cf5c2fb6b93e3c4e1835cfacc464e12e77f7c6e623fd84cfb5af6af
-
SSDEEP
3072:/KWP0e0jwisqYWR6dLD9rbsx8zw1R/UYAx1iYW+:/53WFtYRdLDKxww1R/w1iYW+
Static task
static1
Behavioral task
behavioral1
Sample
d9fd2afebd52b1aa86adbd91ec83a59b_JaffaCakes118.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
d9fd2afebd52b1aa86adbd91ec83a59b_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
Target
d9fd2afebd52b1aa86adbd91ec83a59b_JaffaCakes118
Score
10/10
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-