General
-
Target
f6bd6d852d3004a158b8e592b4abba44_JaffaCakes118
-
Size
132KB
-
Sample
240925-yhzf5sthrk
-
MD5
f6bd6d852d3004a158b8e592b4abba44
-
SHA1
ba5aac9a16c13726a494ac785ee59411517e707a
-
SHA256
1c6a88a5e54c005fda614ed63f33b39d74de1ba7c723e5e8366cde288b3ceb93
-
SHA512
fb863889570b4e49e4b73b015f015e44f9c494bb8d68859819eadf9e86eb580c2700cd23bc1aaf966720bb17d7cd88ac5febbea33f37042d8d0f4a9419e0b693
-
SSDEEP
3072:TW0DUlKDL2yvB5waMlYkQZfUPrlVlTiIGIkh3rl/:TW0jf0Tv3lT6IkBx
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
f6bd6d852d3004a158b8e592b4abba44_JaffaCakes118
-
Size
132KB
-
MD5
f6bd6d852d3004a158b8e592b4abba44
-
SHA1
ba5aac9a16c13726a494ac785ee59411517e707a
-
SHA256
1c6a88a5e54c005fda614ed63f33b39d74de1ba7c723e5e8366cde288b3ceb93
-
SHA512
fb863889570b4e49e4b73b015f015e44f9c494bb8d68859819eadf9e86eb580c2700cd23bc1aaf966720bb17d7cd88ac5febbea33f37042d8d0f4a9419e0b693
-
SSDEEP
3072:TW0DUlKDL2yvB5waMlYkQZfUPrlVlTiIGIkh3rl/:TW0jf0Tv3lT6IkBx
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-