General
-
Target
dfd05fadeb60b8ef73d83bd2a5312fd4_JaffaCakes118
-
Size
519KB
-
Sample
240914-j99nvsveqa
-
MD5
dfd05fadeb60b8ef73d83bd2a5312fd4
-
SHA1
fcac8c58be8ed302131ebfaaeac977c67d086f42
-
SHA256
fc0919c185fc516b207940d54eb987c800882e3387427da740dd01596e8895c1
-
SHA512
282ac8b84eee4e907496546e3364ba102bb10eef2d9621781459286cac50b7e1c371f00294b195a1150755c5c2286aa020c93d0d0a0375c6fa04e667b8531f45
-
SSDEEP
12288:Pgmv3zIpJ7ZARk8U0w7rWxY/hFSBQ56ZHaG6yplxMWgIOKhPTgFHjSH:PtjInVARmbrWGpmo6NaGppl2W/dhPEx
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
dfd05fadeb60b8ef73d83bd2a5312fd4_JaffaCakes118
-
Size
519KB
-
MD5
dfd05fadeb60b8ef73d83bd2a5312fd4
-
SHA1
fcac8c58be8ed302131ebfaaeac977c67d086f42
-
SHA256
fc0919c185fc516b207940d54eb987c800882e3387427da740dd01596e8895c1
-
SHA512
282ac8b84eee4e907496546e3364ba102bb10eef2d9621781459286cac50b7e1c371f00294b195a1150755c5c2286aa020c93d0d0a0375c6fa04e667b8531f45
-
SSDEEP
12288:Pgmv3zIpJ7ZARk8U0w7rWxY/hFSBQ56ZHaG6yplxMWgIOKhPTgFHjSH:PtjInVARmbrWGpmo6NaGppl2W/dhPEx
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Drops file in System32 directory
-