General
-
Target
f18d0ea3eba7f29eb71e5e678900905f_JaffaCakes118
-
Size
84KB
-
Sample
240922-h9gseaxhjk
-
MD5
f18d0ea3eba7f29eb71e5e678900905f
-
SHA1
41094a34aef4451f819d5c610f4779314cd41f08
-
SHA256
e6c98e578cb9634f88badcf4569beffd4e701cb878b90bb4e08ef35656ea05db
-
SHA512
785723e5a4fc08545428888f2cb7b2e8ee09d32e06eca2ca8641360323ba7405e26cd76841d9e4e14100778a0fc6b42105951b7a90db9869f4aef0b2fd19f174
-
SSDEEP
1536:u71FFoJLfa66tsShRC9Xx9c6lck3zCOsQnmGW5Xejon5K:u71kiztsShsb97lck3uOeaon5K
Static task
static1
Behavioral task
behavioral1
Sample
f18d0ea3eba7f29eb71e5e678900905f_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
f18d0ea3eba7f29eb71e5e678900905f_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
Target
f18d0ea3eba7f29eb71e5e678900905f_JaffaCakes118
-
Score
10/10
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-