General
-
Target
ef7b8a56292d9170d59b470149d38495_JaffaCakes118
-
Size
272KB
-
Sample
240921-k72qxavcnc
-
MD5
ef7b8a56292d9170d59b470149d38495
-
SHA1
12f5b67f0b021f3c7420ead77b0dc83ff8679e1d
-
SHA256
a4b74be3be8dccde00ff1adbc434985cf6c1fb6cc4cae533ffcffaed9a298034
-
SHA512
2af8b0256910e5987d57342f87abbc7907c28ef981884d1fa948b651b16440cfc90f813ea0ee935b20c6e6fc74aa81feeb48f67f9bde43cf26f831aca7fdd301
-
SSDEEP
3072:KlU4/i3619cTDWXWwR27UhrtcMYKojspfdwR73+zFpEcrMxfDUk98k3CAi1mSDUf:KyIeGfR27yr/1mujEryk98k3Bicf
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
ef7b8a56292d9170d59b470149d38495_JaffaCakes118
-
Size
272KB
-
MD5
ef7b8a56292d9170d59b470149d38495
-
SHA1
12f5b67f0b021f3c7420ead77b0dc83ff8679e1d
-
SHA256
a4b74be3be8dccde00ff1adbc434985cf6c1fb6cc4cae533ffcffaed9a298034
-
SHA512
2af8b0256910e5987d57342f87abbc7907c28ef981884d1fa948b651b16440cfc90f813ea0ee935b20c6e6fc74aa81feeb48f67f9bde43cf26f831aca7fdd301
-
SSDEEP
3072:KlU4/i3619cTDWXWwR27UhrtcMYKojspfdwR73+zFpEcrMxfDUk98k3CAi1mSDUf:KyIeGfR27yr/1mujEryk98k3Bicf
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-