General
-
Target
98c215d5b1fc5f78b4882a38ba7cb45f_JaffaCakes118
-
Size
253KB
-
Sample
241125-dbdwmszpgk
-
MD5
98c215d5b1fc5f78b4882a38ba7cb45f
-
SHA1
5d757bdd7a3d40e83d5f4a4322e4b177e71dd3dc
-
SHA256
1de5a788fdc0542b84a38a30bb1b901ccec7571229bcdc58394ea3446a2dbc89
-
SHA512
099ce24727eb06aed65e6f61a3c478c3b73ced855db3845101f1160614ea6b3803ab1fc59e1ef58e752ce55e5d606f6317f94f2e0aac1f7a7136040267bff2e6
-
SSDEEP
6144:7n9Q5Av4QZtYm6rni9AfYVeHGKZpvvbhTYXugnX5re:j9Q5c4QZqBrOAfNHhPbhTibJ
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
98c215d5b1fc5f78b4882a38ba7cb45f_JaffaCakes118
-
Size
253KB
-
MD5
98c215d5b1fc5f78b4882a38ba7cb45f
-
SHA1
5d757bdd7a3d40e83d5f4a4322e4b177e71dd3dc
-
SHA256
1de5a788fdc0542b84a38a30bb1b901ccec7571229bcdc58394ea3446a2dbc89
-
SHA512
099ce24727eb06aed65e6f61a3c478c3b73ced855db3845101f1160614ea6b3803ab1fc59e1ef58e752ce55e5d606f6317f94f2e0aac1f7a7136040267bff2e6
-
SSDEEP
6144:7n9Q5Av4QZtYm6rni9AfYVeHGKZpvvbhTYXugnX5re:j9Q5c4QZqBrOAfNHhPbhTibJ
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-