General
-
Target
d405cbd111b4a196778c6c453ab40e61_JaffaCakes118
-
Size
541KB
-
Sample
241207-2t4rsaykes
-
MD5
d405cbd111b4a196778c6c453ab40e61
-
SHA1
9a609a5827f5a811598e6cc4386682e49425a5b4
-
SHA256
d78cc91b4370028a87762130489bef98d98c6a88c446b7cf6715a205951689ad
-
SHA512
9b38f937fb5ee696ff71d007f0f3383e2a3a651a304ce7046947e46dac11636862df65be0e95ae85aa6cd194dcc49b5f57a3c4712415b2dace8b095dc5061697
-
SSDEEP
12288:ADeq6XQ2xIjrwg8d+G6e2S5Est12EUEYO27NUvLFyImxAuT:An5rwgxG6TSPGEU7VqvLFyIna
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
d405cbd111b4a196778c6c453ab40e61_JaffaCakes118
-
Size
541KB
-
MD5
d405cbd111b4a196778c6c453ab40e61
-
SHA1
9a609a5827f5a811598e6cc4386682e49425a5b4
-
SHA256
d78cc91b4370028a87762130489bef98d98c6a88c446b7cf6715a205951689ad
-
SHA512
9b38f937fb5ee696ff71d007f0f3383e2a3a651a304ce7046947e46dac11636862df65be0e95ae85aa6cd194dcc49b5f57a3c4712415b2dace8b095dc5061697
-
SSDEEP
12288:ADeq6XQ2xIjrwg8d+G6e2S5Est12EUEYO27NUvLFyImxAuT:An5rwgxG6TSPGEU7VqvLFyIna
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Deletes itself
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-