General
Target: f3f025de4af900300b7070b63980b4ff_JaffaCakes118
Size: 32KB
Sample: 241215-pcnb9atmas
MD5: f3f025de4af900300b7070b63980b4ff
SHA1: 39416f80cbe54d641e8533e005264f2fd1b85f25
SHA256: 019029d03d9726f5ba3206f0e4aae9414c7d301dd9d8fbe4527e3b5e609abb0c
SHA512: 33cd7169ac34cc7e482872c497fabb4d98452f96f1a3919aa62f1831ce9b96268fd1dddeb23b7817b33c2b58b84cd99bcca4a8220909e1180ed66d25f0b3f668
SSDEEP: 768:XTlZgICDGYpAMir1e3lOfXOp5KEEK7Hg7iqaATldPi7Nd/naITaVXJKD8y06xByL:jlZgICjyk1OfXOp5XEK7Hg7i+Tbi7j/k
Static task: static1
Behavioral task: behavioral1
  Sample: f3f025de4af900300b7070b63980b4ff_JaffaCakes118.exe
  Resource: win7-20241010-en
Behavioral task: behavioral2
  Sample: f3f025de4af900300b7070b63980b4ff_JaffaCakes118.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted: metasploit (encoder/fnstenv_mov)
Targets
Target: f3f025de4af900300b7070b63980b4ff_JaffaCakes118
Score: 10/10
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Metasploit family
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext