General
Target: de7e7a22b366757c46516465ea6df14b_JaffaCakes118
Size: 496KB
Sample: 240913-t4nvbaxerf
MD5: de7e7a22b366757c46516465ea6df14b
SHA1: 895db3dca07a4e7367a2e630903d6d363c759902
SHA256: 4fc46648cab12a5cbc3357321aa32b0148e8ebef7834f7303b97419dd747cffc
SHA512: f65339cf8eff20433d3b6f9549bcf2da2a067e077ed3cbd87654e4ff7ad13d7f0c72249f9049dc973eb85b00b11b381e6c3300fac292e70f2de9c5062c87494d
SSDEEP: 12288:C0H5QI+2yR8PkGIHKJZOSwFykiQmlHSAca3zhSZkL/GDFnSoY:C0H5QeyR8PkGIHKbOSwFliSRadekASo
Behavioral task: behavioral1
Sample: de7e7a22b366757c46516465ea6df14b_JaffaCakes118.exe
Resource: win7-20240903-en
Malware Config
Extracted
metasploit
encoder/fnstenv_mov
Targets
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

Deletes itself

Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.

Drops file in System32 directory