General
Target: dab0739cd8b1414bc8a25ebaa0d36e46_JaffaCakes118
Size: 112KB
Sample: 240911-s8z8gayhrf
MD5: dab0739cd8b1414bc8a25ebaa0d36e46
SHA1: c9b3d9ebad4ad514b15ab01cc88e034cf55b85a3
SHA256: bec0ea082b066200a58e275b4c147649191fe345f86443eb2409813c14286198
SHA512: 8f4efb20c711adb4f5097228f720e4561803fd277fb47903e6be968dcec8a9303ae1eb834cbab13a5d09277c5c1866134164c68d326d06f8abd2b0d7bc79924f
SSDEEP: 3072:Ie3K/seOtotdmFOnPXMbEI11NQYcyep8BYUl:IgXQdaOeEMHTep8Bnl
Static task: static1
Behavioral task: behavioral1
  Sample: dab0739cd8b1414bc8a25ebaa0d36e46_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: dab0739cd8b1414bc8a25ebaa0d36e46_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
Malware Config
Extracted: metasploit
Encoder: encoder/call4_dword_xor
Targets
Target: dab0739cd8b1414bc8a25ebaa0d36e46_JaffaCakes118 (112KB; same MD5, SHA1, SHA256, SHA512 and SSDEEP values as listed under General)
Score: 10/10
Signatures:
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Adds policy Run key to start application
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext