General
-
Target
ec1a2d23f6ec819a7632b9d2d6c91362_JaffaCakes118
-
Size
365KB
-
Sample
241213-sk2rdstpem
-
MD5
ec1a2d23f6ec819a7632b9d2d6c91362
-
SHA1
905e747b6d952ee409204539712acd38922aa3d3
-
SHA256
df33462acb9302bae07bb86056d1c577488a77263a09fd1935d2550891c32064
-
SHA512
d0ab5310273cc46a82eee0ca9dd6472ba641f041a81e9a160a4d2e796bd3584604d387cc73fb6bb8b6fc211ed7600735a0e71781b0c9643e5fdba634c2c936d8
-
SSDEEP
6144:xX2GVkaeqSnWxzYDIK/CvtSXQfM/c2BZu7SBJad21waqCkVKXU0F+R38HbqiByqL:xzkzHsK/AsQfM/lXEOad2elKX+tybqpK
Static task
static1
Behavioral task
behavioral1
Sample
ec1a2d23f6ec819a7632b9d2d6c91362_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
ec1a2d23f6ec819a7632b9d2d6c91362_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
metasploit
encoder/fnstenv_mov
Targets
Target
ec1a2d23f6ec819a7632b9d2d6c91362_JaffaCakes118
Score
10/10
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-