General
-
Target
98eb26bec28f35187e31b850d656341d_JaffaCakes118
-
Size
480KB
-
Sample
241125-dyx8ss1rem
-
MD5
98eb26bec28f35187e31b850d656341d
-
SHA1
f1cb8b90fbd0a64d772fd61999e9de23cb2f28ae
-
SHA256
1a42794fe431746daeacdbf8cbadba8fe282099b6421a47fa4c4e5d64d5552b2
-
SHA512
a9485c461ee03aaacaf9b0027979089beef5cf61c85342a108ef1fbc63f6b47b059e9b94234b832b82fb0028ccc7f49efdf476253c3975742e28fb67c103f743
-
SSDEEP
6144:+wVPqTSTVFhaae3OR3wxJXSMaAA4OUi1DZyRn5ERmnfN/05YacxIBnn8H2QYvM4v:Txfw3OR3cdAV51ch5ERa/3nxIl4i6A
Static task
static1
Behavioral task
behavioral1
Sample
98eb26bec28f35187e31b850d656341d_JaffaCakes118.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
98eb26bec28f35187e31b850d656341d_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
98eb26bec28f35187e31b850d656341d_JaffaCakes118
-
Score
10/10
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-