General
-
Target
d200d14878a0974ec759b121d3c8e0c5_JaffaCakes118
-
Size
169KB
-
Sample
241207-mlhr1strcr
-
MD5
d200d14878a0974ec759b121d3c8e0c5
-
SHA1
c38549b417a73ee3432767b8d7df24db0cb3e060
-
SHA256
dbd30132a67b0e6e14e627e6cc772fa8a5b17c448c465335a7b0d433d863e6c1
-
SHA512
8a26de4c097b592655ee83dcc0297692e24ba5822a1b9f62582146e5c502094a3edacbff071c28612fc8d9b53311380e4d885cb44ff3544df6c096bf26230957
-
SSDEEP
3072:p6OlBRo5nJuZK3gT6QQQP3S4KpWOBG1oNbWgBGy7pq3JKvskT+9rcB:hB8JuZA+OE8NbWiG0A8s8+9QB
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
d200d14878a0974ec759b121d3c8e0c5_JaffaCakes118
-
Size
169KB
-
MD5
d200d14878a0974ec759b121d3c8e0c5
-
SHA1
c38549b417a73ee3432767b8d7df24db0cb3e060
-
SHA256
dbd30132a67b0e6e14e627e6cc772fa8a5b17c448c465335a7b0d433d863e6c1
-
SHA512
8a26de4c097b592655ee83dcc0297692e24ba5822a1b9f62582146e5c502094a3edacbff071c28612fc8d9b53311380e4d885cb44ff3544df6c096bf26230957
-
SSDEEP
3072:p6OlBRo5nJuZK3gT6QQQP3S4KpWOBG1oNbWgBGy7pq3JKvskT+9rcB:hB8JuZA+OE8NbWiG0A8s8+9QB
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-