General
-
Target
ba8a46d6910ea0e5b6958d330df95846_JaffaCakes118
-
Size
216KB
-
Sample
241202-2p3c6awrdz
-
MD5
ba8a46d6910ea0e5b6958d330df95846
-
SHA1
7bb2e84a2016bae7673ae2d4e1a10893576590c0
-
SHA256
1db293f665a0457f1bf241b351dc7e4b92c9c2538a9b6ec61dbf79e97cf80305
-
SHA512
99844529382cd059d84dbfc02bb817f784c01531c6a55a94e264844793882af084658b60f106e41a59cb063c7e13fcb46befce1fe6d4450a8c3875845ed93649
-
SSDEEP
3072:P7PYO4HB1NxoMnmgnbd4UyAA5pJCiV8xC7813q57SytpwjdwmFc68Vq:TuHoMmISAg2iVYq5HqjdwmG6cq
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
ba8a46d6910ea0e5b6958d330df95846_JaffaCakes118
-
Size
216KB
-
MD5
ba8a46d6910ea0e5b6958d330df95846
-
SHA1
7bb2e84a2016bae7673ae2d4e1a10893576590c0
-
SHA256
1db293f665a0457f1bf241b351dc7e4b92c9c2538a9b6ec61dbf79e97cf80305
-
SHA512
99844529382cd059d84dbfc02bb817f784c01531c6a55a94e264844793882af084658b60f106e41a59cb063c7e13fcb46befce1fe6d4450a8c3875845ed93649
-
SSDEEP
3072:P7PYO4HB1NxoMnmgnbd4UyAA5pJCiV8xC7813q57SytpwjdwmFc68Vq:TuHoMmISAg2iVYq5HqjdwmG6cq
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-