General
Target: f052347e9314846d6edd49d64df97aeb_JaffaCakes118
Size: 209KB
Sample: 240921-wbj2rsvgjn
MD5: f052347e9314846d6edd49d64df97aeb
SHA1: bff4af3dbd5e691828d05b07e64f91cb857a6367
SHA256: 335a13fd4fa4710e331261898883ef03dda84b293c189fcaf291fe9fdbafc256
SHA512: 27780ffcd387e69daa27fd431c88555bf88ace7bfe7ba418c1850548540c2d2e33495844fa8b871a97395607a8cefa391cc2e4bd66c201e447fb5767c173361f
SSDEEP: 6144:hlqtXlhQ8ZK0lAswvP6bQ7yMP+DE827YYscT:hlogQKXd6b7MP+Dd2UYZT
Static task: static1
Behavioral task: behavioral1
  Sample: f052347e9314846d6edd49d64df97aeb_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: f052347e9314846d6edd49d64df97aeb_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
Malware Config
Extracted: metasploit
encoder/fnstenv_mov
Targets
Target: f052347e9314846d6edd49d64df97aeb_JaffaCakes118
Size: 209KB
MD5: f052347e9314846d6edd49d64df97aeb
SHA1: bff4af3dbd5e691828d05b07e64f91cb857a6367
SHA256: 335a13fd4fa4710e331261898883ef03dda84b293c189fcaf291fe9fdbafc256
SHA512: 27780ffcd387e69daa27fd431c88555bf88ace7bfe7ba418c1850548540c2d2e33495844fa8b871a97395607a8cefa391cc2e4bd66c201e447fb5767c173361f
SSDEEP: 6144:hlqtXlhQ8ZK0lAswvP6bQ7yMP+DE827YYscT:hlogQKXd6b7MP+Dd2UYZT

Signatures
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Modifies security service
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Drops file in System32 directory