General
-
Target
e97359e03fce31965d6780ad002c5f0b_JaffaCakes118
-
Size
51KB
-
Sample
240918-s6k1rsyfpf
-
MD5
e97359e03fce31965d6780ad002c5f0b
-
SHA1
77db2f8dd647a81006b2e93317e84eb22104cb35
-
SHA256
5824ca5b41688a25ccc114b7acfc7b98d0b497ef8c28a31364c41013950bc2df
-
SHA512
77551ad6daabd2061a2e43a57116ecd0f9fb9e62c6b9493482e8923db7fe2fce832e07c1cee3f4ba20bf548bd8959bdbca3efde7089783951fb45799419d575c
-
SSDEEP
768:oyvkxV/oeDTNe73y0UGZPr0mybXRMm9wLsJnWP+zflidjIdgRGj4UHVvRGEs95:orv/rDZeWTK4m6MkZnc+zflidVGPHwj
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
e97359e03fce31965d6780ad002c5f0b_JaffaCakes118
-
Size
51KB
-
MD5
e97359e03fce31965d6780ad002c5f0b
-
SHA1
77db2f8dd647a81006b2e93317e84eb22104cb35
-
SHA256
5824ca5b41688a25ccc114b7acfc7b98d0b497ef8c28a31364c41013950bc2df
-
SHA512
77551ad6daabd2061a2e43a57116ecd0f9fb9e62c6b9493482e8923db7fe2fce832e07c1cee3f4ba20bf548bd8959bdbca3efde7089783951fb45799419d575c
-
SSDEEP
768:oyvkxV/oeDTNe73y0UGZPr0mybXRMm9wLsJnWP+zflidjIdgRGj4UHVvRGEs95:orv/rDZeWTK4m6MkZnc+zflidVGPHwj
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-