General
-
Target
8a9cf4c67a46fab4371599b40493a49d_JaffaCakes118
-
Size
96KB
-
Sample
241103-ksqp4azfme
-
MD5
8a9cf4c67a46fab4371599b40493a49d
-
SHA1
87bb75402548708b6bda9002cf4aff3a20cab9d2
-
SHA256
fa9cf8aac2a66deaa73d08829c91862a96e618a357ca81f09ef3b4e15f822cb0
-
SHA512
47d730fba0733f630419113dd6ac27a42084095778f1903028eb0f16a54f76076836d42fda6a9207027c6ad857202809d8b0591babcddd01201d2ddf41b00535
-
SSDEEP
1536:lvyc89wtAfNg3zc59/jCFyU7tGSwSnviM8:9yNwtkNozYpU4SBaN
Static task
static1
Behavioral task
behavioral1
Sample
8a9cf4c67a46fab4371599b40493a49d_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
8a9cf4c67a46fab4371599b40493a49d_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
Target
8a9cf4c67a46fab4371599b40493a49d_JaffaCakes118
Score
10/10
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-