General
-
Target
ecfc5d21ea436c485e2f32926d163b3d_JaffaCakes118
-
Size
48KB
-
Sample
240920-gt6k6asbld
-
MD5
ecfc5d21ea436c485e2f32926d163b3d
-
SHA1
d77048ab014cec20393ac97954e345e1b1b685d3
-
SHA256
9668264f2d4d18d68d03e160f7b40421dfb1663f5208ba67ba4ee153f28271b2
-
SHA512
54e485e40ea5f92a730b05a25ce6a683518236ffadba70ddd1f845f8bfa4f5b21c5f3b3986473bc540105fb9c7566f41bf2a5867b001125e5b8d8ca7ec10dee0
-
SSDEEP
768:ldCQTtYkZ1FOqHhxiEb69wrQeSYEyqfQfKLiG6vbumpdRz8sK87auKSOCJ8f4RJk:f7Ttz1BHjiEb6yQYY4Iibu4Rz8sh7ISi
Static task
static1
Behavioral task
behavioral1
Sample
ecfc5d21ea436c485e2f32926d163b3d_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
ecfc5d21ea436c485e2f32926d163b3d_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
ecfc5d21ea436c485e2f32926d163b3d_JaffaCakes118
-
Score
10/10
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Adds Run key to start application
-