General
- Target: 9a0e6645f3ceb7d70a8627bce6838a25_JaffaCakes118
- Size: 188KB
- Sample: 241125-h9nwqa1qbj
- MD5: 9a0e6645f3ceb7d70a8627bce6838a25
- SHA1: 43d76e08a412b2cef915cd5f0630f8aba7576f33
- SHA256: d23d9c5dc49cdcf7a13416b35de4f691ff0d77c7b3dcdc661680972623721a07
- SHA512: 4866105fa5de239570243aecc326cab4317b2c2340fa58a1126d77361a2f2a7f695f46adf2c99143ed27ff3d91be941df247d8bfbc927a04a196bba27d251beb
- SSDEEP: 3072:9RgaAb3zidY/5HhbPKRgMR2tr4QPxC2ig81zhR5jShWyIZhsS91IZps8TA4AvFOw:pAb4CbPwgMshRxhTWzr5xywhsS9eU8k3
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 9a0e6645f3ceb7d70a8627bce6838a25_JaffaCakes118.exe
  - Resource: win7-20241023-en
- behavioral2
  - Sample: 9a0e6645f3ceb7d70a8627bce6838a25_JaffaCakes118.exe
  - Resource: win10v2004-20241007-en
Malware Config
- Extracted: metasploit
- Encoder: encoder/call4_dword_xor
Targets
- Target: 9a0e6645f3ceb7d70a8627bce6838a25_JaffaCakes118 (188KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Score: 10/10
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Metasploit family
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext