General
Target: bd6343ee092d1db1e805257467c5ede6_JaffaCakes118
Size: 664KB
Sample: 241203-plkmqavpcz
MD5: bd6343ee092d1db1e805257467c5ede6
SHA1: 221c8c0b806e2e04ddbcbe2d32442ab037f8dc36
SHA256: 0230a60bbe2eba375c47faa589247283baaded8bc36d7e8e8ca8928e8af7473a
SHA512: 95766903945a8643a209c03491ff8c3d7ca6125f9fd860bd23e665eda98253d1c888b5a2f1b9a6a90a9fcc5ecdeb9a8c60f08a8dd140278f832f691f4c545b8a
SSDEEP: 6144:rIN4KH8q7lVdspX4ruPQp7gEByECUgiVAXAADnCRc/smfGSs8pccagsHZv5w9Syl:kTT7vda4ruPo7/EvxX5GR6G98CCCifl
Static task: static1
Behavioral task: behavioral1
Sample: bd6343ee092d1db1e805257467c5ede6_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: bd6343ee092d1db1e805257467c5ede6_JaffaCakes118.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted: metasploit
Encoder: encoder/fnstenv_mov
Targets
Target: bd6343ee092d1db1e805257467c5ede6_JaffaCakes118 (664KB; same hashes as listed under General)
Score: 10/10
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Metasploit family
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory