General
Target
ef0cb11e207e85934c655f17c4955961_JaffaCakes118
Size
46KB
Sample
240921-evnevsvbmf
MD5
ef0cb11e207e85934c655f17c4955961
SHA1
4af042c1b95f8d2c6e01b804f99ea578814f6bab
SHA256
4885962e650bd0476a3057d0f9b2bebf7538b9cbbb892b6ccae2fb45790a427c
SHA512
c48288835e6f7f0fd6c9d3b7cf55d3572da1cbfacf978c63bec8d61d33ba1e778c540ad8d05a99a55425db09db36c9fa6e28d5c21087aa1b0114d0069890a069
SSDEEP
768:fqh7/ClyJhD0wgIpinmd640YIgvqsZYJ8LADtDpE/6YErEWxRjQ3uYBeKMkiDFCd:2/Cligln00YLBYJ8LADt2/HEr5jH3DUd
Static task
static1
Behavioral task
behavioral1
Sample
ef0cb11e207e85934c655f17c4955961_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
ef0cb11e207e85934c655f17c4955961_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
Target
ef0cb11e207e85934c655f17c4955961_JaffaCakes118
Score 10/10
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
Adds policy Run key to start application
Executes dropped EXE
Adds Run key to start application