General
-
Target
e8216928140bffcfa84651878c8cd2bf_JaffaCakes118
-
Size
525KB
-
Sample
240918-cmv4maxfqq
-
MD5
e8216928140bffcfa84651878c8cd2bf
-
SHA1
c32bc59647218ef6e6999aaf1a14c29222e8662e
-
SHA256
2800a97346bd8285936c37e37ff5e6e66401505b74b2254701a49c3939a2276c
-
SHA512
ac3bc1a0fc8bd09b8207a473987f196fc5ef349cf41c5ef8780218db08fe9703e3371ba8a8b78158dd3f78bed3f7e4060b03915895f21e79b5e8993d95391dbd
-
SSDEEP
12288:3iYv5bpOsXGZc36keHMHFPRD2MzedARika7OJilGDM/kY7kvj:3iYrOBi6MHFg+eCS8G6M/Ry
Static task
static1
Behavioral task
behavioral1
Sample
e8216928140bffcfa84651878c8cd2bf_JaffaCakes118.exe
Resource
win7-20240903-en
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
Score
10/10
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Loads dropped DLL
-
Drops file in System32 directory
-