General
-
Target
e6fb93cd46a5a67c3e972d7ab9c4d647_JaffaCakes118
-
Size
1.4MB
-
Sample
240917-rdc9sawgpa
-
MD5
e6fb93cd46a5a67c3e972d7ab9c4d647
-
SHA1
514f8dcadd77311a0dd6bcbcf9561fbeece783a4
-
SHA256
0c230551ba6768e9f90103ccfffd5c93f4a98b397e33f7cef22a3bfc672c3c8d
-
SHA512
4c1e3238e7744fc7f80e7908814cd72437d3127de2ef1b92fd828d360bb354e61af31976690a8a52ca606d0cc94c3680602779f53e9fe3e2d2e392d560c5f24c
-
SSDEEP
24576:vVvmsj+SxBt4o7X+NH+7eBVxtXlbCrQsfZ22acJp4aR6oSmo8d/6nh57fue:pmsj+SjtzjMjBVhOQNLud6oVos/6nh53
Static task
static1
Behavioral task
behavioral1
Sample
e6fb93cd46a5a67c3e972d7ab9c4d647_JaffaCakes118.exe
Resource
win7-20240903-en
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Score
10/10
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Loads dropped DLL
-
Drops file in System32 directory
-