General
-
Target
e303c45b47964eac4a963ec7fe22f8b2_JaffaCakes118
-
Size
512KB
-
Sample
240915-v1jxmavfpj
-
MD5
e303c45b47964eac4a963ec7fe22f8b2
-
SHA1
96ab3045af9c00022b95e4da1a71620c2851c7b9
-
SHA256
c4117dfef9be658345231f2f3dd057b553e18bea36068856c5bda1d2b9d36853
-
SHA512
2ccbf25f7c304c4e810662e977a56c1196fa135cdd46bc7e4c4eecc11a8f695592650c09e2e289f0168364660e3723ab8db1232fdcdad50bb21e2f3d1bf01304
-
SSDEEP
12288:CbuGaAwHLj7L3E5nfDLuYGLgcSxXFX1VAcpkDO6ufo7Kt:CFIbDE9fH0tO/ic+DO6u5
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
e303c45b47964eac4a963ec7fe22f8b2_JaffaCakes118
-
Size
512KB
-
MD5
e303c45b47964eac4a963ec7fe22f8b2
-
SHA1
96ab3045af9c00022b95e4da1a71620c2851c7b9
-
SHA256
c4117dfef9be658345231f2f3dd057b553e18bea36068856c5bda1d2b9d36853
-
SHA512
2ccbf25f7c304c4e810662e977a56c1196fa135cdd46bc7e4c4eecc11a8f695592650c09e2e289f0168364660e3723ab8db1232fdcdad50bb21e2f3d1bf01304
-
SSDEEP
12288:CbuGaAwHLj7L3E5nfDLuYGLgcSxXFX1VAcpkDO6ufo7Kt:CFIbDE9fH0tO/ic+DO6u5
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-