General
-
Target
a5c7b29dd01a33ff6a7816bc3090008b_JaffaCakes118
-
Size
155KB
-
Sample
241127-eja1dswka1
-
MD5
a5c7b29dd01a33ff6a7816bc3090008b
-
SHA1
03444eac6ab0df3d0b5f2b21f6b1b6a69e4c50d1
-
SHA256
5e37688a2a872d917d66f0664eb565f5e96567ef52205be2ebc1fb9c5630a38d
-
SHA512
7b0de042066f128dabbf81dabf82b0d47df61adc567295c897bbe1a2910a0ca8f94479b90a7bc58bd82246c8d40d26776fec24a11c710718b3d341af0b551787
-
SSDEEP
3072:+vhhfqviJf2kM5e10wZUahDRJX96JazYo2nKQcKl+a/dvL6/:4/Cg2ve1VZhjXaOYNKQJ+a/Rk
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
a5c7b29dd01a33ff6a7816bc3090008b_JaffaCakes118
-
Size
155KB
-
MD5
a5c7b29dd01a33ff6a7816bc3090008b
-
SHA1
03444eac6ab0df3d0b5f2b21f6b1b6a69e4c50d1
-
SHA256
5e37688a2a872d917d66f0664eb565f5e96567ef52205be2ebc1fb9c5630a38d
-
SHA512
7b0de042066f128dabbf81dabf82b0d47df61adc567295c897bbe1a2910a0ca8f94479b90a7bc58bd82246c8d40d26776fec24a11c710718b3d341af0b551787
-
SSDEEP
3072:+vhhfqviJf2kM5e10wZUahDRJX96JazYo2nKQcKl+a/dvL6/:4/Cg2ve1VZhjXaOYNKQJ+a/Rk
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-