General
- Target: 020451bbb6189263a13e61756a03bd22_JaffaCakes118
- Size: 112KB
- Sample: 240930-sn5x8asbmk
- MD5: 020451bbb6189263a13e61756a03bd22
- SHA1: d379da639f6c2258d19b8a0409ea44be21052bae
- SHA256: c5e2c7feaaec8f48a8000602cef5e8925e49aa0a88e2032d01c89dafe0f67893
- SHA512: 615319b5d0d118b6df41ca1054b49bf68d33d6829546deda17ff99cfb468941a44ad08e1983816f69bdea531def25d03586f0926fb62f1b58764daa499b0cd36
- SSDEEP: 3072:YuFs5T9SddSSSF8Oi0hlAd2APa6MjBjxYV:ds5ZSddSuwhlC25BY

Static task: static1

Behavioral task: behavioral1
- Sample: 020451bbb6189263a13e61756a03bd22_JaffaCakes118.exe
- Resource: win7-20240903-en

Behavioral task: behavioral2
- Sample: 020451bbb6189263a13e61756a03bd22_JaffaCakes118.exe
- Resource: win10v2004-20240802-en

Malware Config
- Extracted: metasploit
- Encoder: encoder/call4_dword_xor

Targets
- Target: 020451bbb6189263a13e61756a03bd22_JaffaCakes118
- Size: 112KB
- MD5: 020451bbb6189263a13e61756a03bd22
- SHA1: d379da639f6c2258d19b8a0409ea44be21052bae
- SHA256: c5e2c7feaaec8f48a8000602cef5e8925e49aa0a88e2032d01c89dafe0f67893
- SHA512: 615319b5d0d118b6df41ca1054b49bf68d33d6829546deda17ff99cfb468941a44ad08e1983816f69bdea531def25d03586f0926fb62f1b58764daa499b0cd36
- SSDEEP: 3072:YuFs5T9SddSSSF8Oi0hlAd2APa6MjBjxYV:ds5ZSddSuwhlC25BY
- Score: 10/10

- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Adds policy Run key to start application
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext