General
-
Target
d27fb6dac19567bb4819d91d619a3093_JaffaCakes118
-
Size
81KB
-
Sample
241207-pwz56asnby
-
MD5
d27fb6dac19567bb4819d91d619a3093
-
SHA1
165bf252c76c7cf0ad40a81ba1dc1c73fffc70ce
-
SHA256
ea67e325327cf7222c1334f89a39c9d47561107750c35c8a461d25628ac3776b
-
SHA512
6bd8e1da33ddeac41c6f2a51f410b701d99f50d64353331459bd5827bebd90651e5e5d6ff22e3802228d38e4039eec179b91b0bae6f9e1211961dafd54f35f0b
-
SSDEEP
1536:w1rF28bkKUItsLuworgRHn64wauMGmSApmKk80ZFfx:+5RwJVwauMGmsXZxx
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
d27fb6dac19567bb4819d91d619a3093_JaffaCakes118
-
Size
81KB
-
MD5
d27fb6dac19567bb4819d91d619a3093
-
SHA1
165bf252c76c7cf0ad40a81ba1dc1c73fffc70ce
-
SHA256
ea67e325327cf7222c1334f89a39c9d47561107750c35c8a461d25628ac3776b
-
SHA512
6bd8e1da33ddeac41c6f2a51f410b701d99f50d64353331459bd5827bebd90651e5e5d6ff22e3802228d38e4039eec179b91b0bae6f9e1211961dafd54f35f0b
-
SSDEEP
1536:w1rF28bkKUItsLuworgRHn64wauMGmSApmKk80ZFfx:+5RwJVwauMGmsXZxx
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
Modifies firewall policy service
-
Adds policy Run key to start application
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1