General
-
Target
e5fff3b2883a77ba676e822f50c876bc_JaffaCakes118
-
Size
713KB
-
Sample
240917-efejeatapb
-
MD5
e5fff3b2883a77ba676e822f50c876bc
-
SHA1
6d7d49f9d2a15c7b5dbe6f18890cb3db104da454
-
SHA256
5b20ac5ff7d0f91ab0e4670d93ed7c19e881cd936c6b461612cbdc3d1e80776c
-
SHA512
b1cc4b1335cc8e521e70ece7a03b7154f0c17887091b50689d0fcfa51485fc23328dcdc550d0d0d0d9d5503b8d3cf403c1fc1c996e720966fa900e6aad6bd1d4
-
SSDEEP
12288:LyR//TP9mlG+sw2xbqTOuQd47a1PuMgPzvxfzEzRq/3uPQ:LK/7glps9btumq8ulqzM/3uPQ
Malware Config
Extracted
metasploit
encoder/fnstenv_mov
Targets
-
-
Target
e5fff3b2883a77ba676e822f50c876bc_JaffaCakes118
-
Size
713KB
-
MD5
e5fff3b2883a77ba676e822f50c876bc
-
SHA1
6d7d49f9d2a15c7b5dbe6f18890cb3db104da454
-
SHA256
5b20ac5ff7d0f91ab0e4670d93ed7c19e881cd936c6b461612cbdc3d1e80776c
-
SHA512
b1cc4b1335cc8e521e70ece7a03b7154f0c17887091b50689d0fcfa51485fc23328dcdc550d0d0d0d9d5503b8d3cf403c1fc1c996e720966fa900e6aad6bd1d4
-
SSDEEP
12288:LyR//TP9mlG+sw2xbqTOuQd47a1PuMgPzvxfzEzRq/3uPQ:LK/7glps9btumq8ulqzM/3uPQ
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Modifies security service
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-