General
-
Target
a8daa4f3111c5aa6c21a3c0ac67968c9_JaffaCakes118
-
Size
560KB
-
Sample
241127-vp753synbq
-
MD5
a8daa4f3111c5aa6c21a3c0ac67968c9
-
SHA1
41001b0359cbc0bec0fa6e39b888de14a186f289
-
SHA256
1adb08c84494b15cdb7830cc1fbf690e31f22d5eacb6fb16c9396c0139b67b29
-
SHA512
f163cf9bbdb23e8e8e97b1cfaae5b0b7c334b8bc96dbfacf0da5e205e4d13b032a93de43679a6e4ab237a1732576972453cca4d9e210818f1f686d9d11c463ee
-
SSDEEP
12288:m/cdJ4raKxeQ9tEl9r5mZkxAjH7BWZSJy6FRotthxN:m/cH4zi9N8aAz7hRIPN
Malware Config
Extracted
metasploit
encoder/fnstenv_mov
Targets
-
-
Target
a8daa4f3111c5aa6c21a3c0ac67968c9_JaffaCakes118
-
Size
560KB
-
MD5
a8daa4f3111c5aa6c21a3c0ac67968c9
-
SHA1
41001b0359cbc0bec0fa6e39b888de14a186f289
-
SHA256
1adb08c84494b15cdb7830cc1fbf690e31f22d5eacb6fb16c9396c0139b67b29
-
SHA512
f163cf9bbdb23e8e8e97b1cfaae5b0b7c334b8bc96dbfacf0da5e205e4d13b032a93de43679a6e4ab237a1732576972453cca4d9e210818f1f686d9d11c463ee
-
SSDEEP
12288:m/cdJ4raKxeQ9tEl9r5mZkxAjH7BWZSJy6FRotthxN:m/cH4zi9N8aAz7hRIPN
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Drops file in System32 directory
-