General
-
Target
e5d3426f92420db8dfcdf4cc4ea85fee_JaffaCakes118
-
Size
44KB
-
Sample
240917-alxvqaxcnf
-
MD5
e5d3426f92420db8dfcdf4cc4ea85fee
-
SHA1
b63e5e29fe2b00d727c921b13aa03dea137ec3df
-
SHA256
f0451e082c27e1dfb44e7b871631e2a1f54c230f9a2813093931c4864de94520
-
SHA512
db6487f02518815c37d60a6951e956cd1a942b8a24beaaf194df34dfb91a9c00d2ca299a678a9a1b72bde83a4b38153e6f275a5c4f18bd3f0f784f20970cd090
-
SSDEEP
768:8xZknhnH4X9SpdY7JHVxpfw/Nf1ahewLPWZv0HjL:lndYXQdK/EwCiHjL
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
e5d3426f92420db8dfcdf4cc4ea85fee_JaffaCakes118
-
Size
44KB
-
MD5
e5d3426f92420db8dfcdf4cc4ea85fee
-
SHA1
b63e5e29fe2b00d727c921b13aa03dea137ec3df
-
SHA256
f0451e082c27e1dfb44e7b871631e2a1f54c230f9a2813093931c4864de94520
-
SHA512
db6487f02518815c37d60a6951e956cd1a942b8a24beaaf194df34dfb91a9c00d2ca299a678a9a1b72bde83a4b38153e6f275a5c4f18bd3f0f784f20970cd090
-
SSDEEP
768:8xZknhnH4X9SpdY7JHVxpfw/Nf1ahewLPWZv0HjL:lndYXQdK/EwCiHjL
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-