General
-
Target
e21237aa93486101f5e18d1ee46d69c7_JaffaCakes118
-
Size
132KB
-
Sample
240915-kbpfpsvcrq
-
MD5
e21237aa93486101f5e18d1ee46d69c7
-
SHA1
0a0d3fdcf8359e71d4cf2874bca1bdb42f539d4b
-
SHA256
985c37c8308dc42e231eb607d91abeed52d47aeb6a698127a608537a4243df92
-
SHA512
38046561aec72503dce0ebc5704771ca85a7ab9ecde4760ee9d359950aac2e7c326ce37482fce13a28d0d1cffc18fc0444e1468ea3259d97f93e868376642bec
-
SSDEEP
3072:RW0DUlKDL2yvB5waMlYkQZfUPrlVlTiIGIkh3rl/:RW0jf0Tv3lT6IkBx
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
e21237aa93486101f5e18d1ee46d69c7_JaffaCakes118
-
Size
132KB
-
MD5
e21237aa93486101f5e18d1ee46d69c7
-
SHA1
0a0d3fdcf8359e71d4cf2874bca1bdb42f539d4b
-
SHA256
985c37c8308dc42e231eb607d91abeed52d47aeb6a698127a608537a4243df92
-
SHA512
38046561aec72503dce0ebc5704771ca85a7ab9ecde4760ee9d359950aac2e7c326ce37482fce13a28d0d1cffc18fc0444e1468ea3259d97f93e868376642bec
-
SSDEEP
3072:RW0DUlKDL2yvB5waMlYkQZfUPrlVlTiIGIkh3rl/:RW0jf0Tv3lT6IkBx
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-