General
-
Target
d392ac090591df46727a9fa8b8988e14_JaffaCakes118
-
Size
154KB
-
Sample
241207-zrfk3aymek
-
MD5
d392ac090591df46727a9fa8b8988e14
-
SHA1
16e07eae431abd76dc7e4fd1a5ffb1a16701e3a5
-
SHA256
f5d16e0ce939d7a58fe58500015320c962abca9f188e4d48503a67db858adb67
-
SHA512
92da8420045b92ca6edff8f93db947ec43f09911f6b05ebe6cbd7d087e2e6dac527e8a29fd9d2c00bf57c0ae52bf2afa4e13054b6a430bdaa739428e1e9f9c67
-
SSDEEP
3072:WyehhK/H/wwmUnAntBnYnGLx11/WiN01/Kv:yhcfowGuG/1/WiN5
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
d392ac090591df46727a9fa8b8988e14_JaffaCakes118
-
Size
154KB
-
MD5
d392ac090591df46727a9fa8b8988e14
-
SHA1
16e07eae431abd76dc7e4fd1a5ffb1a16701e3a5
-
SHA256
f5d16e0ce939d7a58fe58500015320c962abca9f188e4d48503a67db858adb67
-
SHA512
92da8420045b92ca6edff8f93db947ec43f09911f6b05ebe6cbd7d087e2e6dac527e8a29fd9d2c00bf57c0ae52bf2afa4e13054b6a430bdaa739428e1e9f9c67
-
SSDEEP
3072:WyehhK/H/wwmUnAntBnYnGLx11/WiN01/Kv:yhcfowGuG/1/WiN5
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-