General
-
Target
ff62d945af719b9ebd0c54ec2d395ea3_JaffaCakes118
-
Size
1.2MB
-
Sample
241219-lt45jsyrht
-
MD5
ff62d945af719b9ebd0c54ec2d395ea3
-
SHA1
ac4f17d6e7681d2e833ffd9b8aa52bf2a90bfa3b
-
SHA256
1161eccd3bacb08b97081712c058c021f5d89757b51b237008b5a75dfa965921
-
SHA512
f7ce5e55a4df55c174e1c8b32843f0c286959e3f98c902a030039953e9bc0a732398b40dd4f4ecf6e7adbf2adfea700c4ebb07ba92b84684262c074a79a10deb
-
SSDEEP
12288:fR5dhuGRBTJkjkjVcXRUXETz3UQHS9ZeRepaA5jAJIq:fRXRvjVOUXK3ewRepaAa
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
ff62d945af719b9ebd0c54ec2d395ea3_JaffaCakes118
-
Size
1.2MB
-
MD5
ff62d945af719b9ebd0c54ec2d395ea3
-
SHA1
ac4f17d6e7681d2e833ffd9b8aa52bf2a90bfa3b
-
SHA256
1161eccd3bacb08b97081712c058c021f5d89757b51b237008b5a75dfa965921
-
SHA512
f7ce5e55a4df55c174e1c8b32843f0c286959e3f98c902a030039953e9bc0a732398b40dd4f4ecf6e7adbf2adfea700c4ebb07ba92b84684262c074a79a10deb
-
SSDEEP
12288:fR5dhuGRBTJkjkjVcXRUXETz3UQHS9ZeRepaA5jAJIq:fRXRvjVOUXK3ewRepaAa
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Deletes itself
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-