General
-
Target
de7a7909e2a4881801c2d772f260d8c0_JaffaCakes118
-
Size
525KB
-
Sample
240913-tqvqpsxclf
-
MD5
de7a7909e2a4881801c2d772f260d8c0
-
SHA1
34c2eb007f47caddbec12c09a529c1140b50e237
-
SHA256
03bd3ab203a1cc4712c61fed0a1393b63a032731f7cdbb13a73164c1e46b1806
-
SHA512
3b02833a42c2aab49827b3108fa03b6abef8987351fe6b5d85dcdc182ec479707efd23b47b91eddc96e99b3ac934701c1108ee7443f0240aec29e49b6ae7ec02
-
SSDEEP
12288:VBCrp/biz1OZUvtrZk3lKcKn265pi0F4zvD:VBCrpjiz4OZ+gnp2SWvD
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
de7a7909e2a4881801c2d772f260d8c0_JaffaCakes118
-
Size
525KB
-
MD5
de7a7909e2a4881801c2d772f260d8c0
-
SHA1
34c2eb007f47caddbec12c09a529c1140b50e237
-
SHA256
03bd3ab203a1cc4712c61fed0a1393b63a032731f7cdbb13a73164c1e46b1806
-
SHA512
3b02833a42c2aab49827b3108fa03b6abef8987351fe6b5d85dcdc182ec479707efd23b47b91eddc96e99b3ac934701c1108ee7443f0240aec29e49b6ae7ec02
-
SSDEEP
12288:VBCrp/biz1OZUvtrZk3lKcKn265pi0F4zvD:VBCrpjiz4OZ+gnp2SWvD
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Drops file in System32 directory
-