General
Target: df3ebbd747838b88de37c7dcf96ca408_JaffaCakes118
Size: 197KB
Sample: 241211-a9cvfsslgq
MD5: df3ebbd747838b88de37c7dcf96ca408
SHA1: ee5946bb7b98027b5078e1fee5ac9d8d404f3bb0
SHA256: 135a032c74799dfc2f5086d47e0a47685be81849d7a7e8886e072e4e180413ce
SHA512: fcabcbf5eea9c43fcffd80f574d9e84eeb307e2e7f20aff70f02b10ff62f1814ed6f1305233440109bf2e95351fbbfb5794be74dbb311bdddc573cc03bdd5ebe
SSDEEP: 3072:8XG+uJi5O4zgRHPLRMFDb8Z4yl+U7CxCYItGKTNyn846yCN54TNPVD9utP6f+3:8W6AqCljYE5yn/6yQOTF7utP6fW
Static task: static1
Behavioral task: behavioral1
  Sample: df3ebbd747838b88de37c7dcf96ca408_JaffaCakes118.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: df3ebbd747838b88de37c7dcf96ca408_JaffaCakes118.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted: metasploit
  encoder/call4_dword_xor
Targets
Target: df3ebbd747838b88de37c7dcf96ca408_JaffaCakes118
Size: 197KB
MD5: df3ebbd747838b88de37c7dcf96ca408
SHA1: ee5946bb7b98027b5078e1fee5ac9d8d404f3bb0
SHA256: 135a032c74799dfc2f5086d47e0a47685be81849d7a7e8886e072e4e180413ce
SHA512: fcabcbf5eea9c43fcffd80f574d9e84eeb307e2e7f20aff70f02b10ff62f1814ed6f1305233440109bf2e95351fbbfb5794be74dbb311bdddc573cc03bdd5ebe
SSDEEP: 3072:8XG+uJi5O4zgRHPLRMFDb8Z4yl+U7CxCYItGKTNyn846yCN54TNPVD9utP6f+3:8W6AqCljYE5yn/6yQOTF7utP6fW
Score: 10/10
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Metasploit family
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of SetThreadContext