General
-
Target
05c418af3900b546df67d3961fb4619b_JaffaCakes118
-
Size
162KB
-
Sample
241001-pb6gfasfjb
-
MD5
05c418af3900b546df67d3961fb4619b
-
SHA1
868a17d9bd87b94423c3dd0a498a8f32d1ad9190
-
SHA256
fb8affc8c1f3a95e7f365a3e2531ee1925c37f38b76f8370c5aef83d28afcecc
-
SHA512
1ee1af174dd602100bbce2c26f5fbe92d79f814e814646f47306f9b825420827f76aa8b13d3623cbe95227b130cb4ceefd49773ea27fcb2223d901a47ac86886
-
SSDEEP
3072:GqGuXeyXMgAamCj68dZpDzYSY64LA2d0VbYXrrxBX8upAJjv8Y:Ht8nQ5fpDd2SVUXrvXtWv8Y
Static task
static1
Behavioral task
behavioral1
Sample
05c418af3900b546df67d3961fb4619b_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
05c418af3900b546df67d3961fb4619b_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
Target
05c418af3900b546df67d3961fb4619b_JaffaCakes118
Score
10/10
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-