General
-
Target
c23c6cdcaf2503e82ce72f26fc5fe39e_JaffaCakes118
-
Size
410KB
-
Sample
241204-m3hhkstkgx
-
MD5
c23c6cdcaf2503e82ce72f26fc5fe39e
-
SHA1
ca03bdd07c78a635ffa0b2753440f06846d0f2f7
-
SHA256
d3774653a71eaf2a61c5876c5d3d4a19351a3a8285ae62c828fef196cab5c0ae
-
SHA512
2551c26a77aaabeef4d82737173314fc0ad3ce4f86a3bd5df4fd73ae430f6bdc8088f5c266ad58484ff34394b9a977ce9352b641927dc240136892e3364c3d31
-
SSDEEP
3072:Ww7mIgMRQG6pO0TVAwMomXdKDf7vT4CiZ2kx:W2C+AWFN8vT41Z2k
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
c23c6cdcaf2503e82ce72f26fc5fe39e_JaffaCakes118
-
Size
410KB
-
MD5
c23c6cdcaf2503e82ce72f26fc5fe39e
-
SHA1
ca03bdd07c78a635ffa0b2753440f06846d0f2f7
-
SHA256
d3774653a71eaf2a61c5876c5d3d4a19351a3a8285ae62c828fef196cab5c0ae
-
SHA512
2551c26a77aaabeef4d82737173314fc0ad3ce4f86a3bd5df4fd73ae430f6bdc8088f5c266ad58484ff34394b9a977ce9352b641927dc240136892e3364c3d31
-
SSDEEP
3072:Ww7mIgMRQG6pO0TVAwMomXdKDf7vT4CiZ2kx:W2C+AWFN8vT41Z2k
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-