General
-
Target
9f6794837645fe3688d5de07f46f7be9_JaffaCakes118
-
Size
715KB
-
Sample
241126-dbzhcaxkar
-
MD5
9f6794837645fe3688d5de07f46f7be9
-
SHA1
a43682222fa9cf11ddf1516e054840ded0ee5c02
-
SHA256
69e9474c5313523741330cf99e6eabdc7dd4ed3bbb38a0f0eee7d4873072aa86
-
SHA512
477d49425cbc9d164280ec488471c4261816132dc20545feedf235e20e8dba610003314bb886ee3296fc3c42eca61d510d4288f1df1dea239cf394a5b178cfd5
-
SSDEEP
12288:qaaRrhY8+ttdfix6GzpXafQwbgCXGRQQnbsKR9XDEONdTaxbzk/EK4FRTrVb4TYG:DUMtt3+4YwbgCWalKvXNMpznpRTr94TL
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
9f6794837645fe3688d5de07f46f7be9_JaffaCakes118
-
Size
715KB
-
MD5
9f6794837645fe3688d5de07f46f7be9
-
SHA1
a43682222fa9cf11ddf1516e054840ded0ee5c02
-
SHA256
69e9474c5313523741330cf99e6eabdc7dd4ed3bbb38a0f0eee7d4873072aa86
-
SHA512
477d49425cbc9d164280ec488471c4261816132dc20545feedf235e20e8dba610003314bb886ee3296fc3c42eca61d510d4288f1df1dea239cf394a5b178cfd5
-
SSDEEP
12288:qaaRrhY8+ttdfix6GzpXafQwbgCXGRQQnbsKR9XDEONdTaxbzk/EK4FRTrVb4TYG:DUMtt3+4YwbgCWalKvXNMpznpRTr94TL
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
Drops file in Drivers directory
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-