General
-
Target
JaffaCakes118_0139a7026e76e6abe3803ec2af9d3c32
-
Size
142KB
-
Sample
250121-b8gmpaznhz
-
MD5
0139a7026e76e6abe3803ec2af9d3c32
-
SHA1
4a0b5f5a78e33e44845fc264a025575b3ecc313a
-
SHA256
dd12d2b96c255447445ce7a898b9c6b598a1d19c06efd4d48d85fbe48344343a
-
SHA512
6b74f9061ff4f523611c2f64f65364bdfff7553ee77d3948dd999a2fc91a5480c6a54320748408da3c073d3417393b8e990e03181a5cbddc889eaad53913e8b1
-
SSDEEP
3072:D5hcEnHi4Zn7MWAxNIm1EJHiU/q8hzWhaN6SpRQTgjcKA8mNata:vcqHie1m1EJHW8ViaLRXN+ga
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
JaffaCakes118_0139a7026e76e6abe3803ec2af9d3c32
-
Size
142KB
-
MD5
0139a7026e76e6abe3803ec2af9d3c32
-
SHA1
4a0b5f5a78e33e44845fc264a025575b3ecc313a
-
SHA256
dd12d2b96c255447445ce7a898b9c6b598a1d19c06efd4d48d85fbe48344343a
-
SHA512
6b74f9061ff4f523611c2f64f65364bdfff7553ee77d3948dd999a2fc91a5480c6a54320748408da3c073d3417393b8e990e03181a5cbddc889eaad53913e8b1
-
SSDEEP
3072:D5hcEnHi4Zn7MWAxNIm1EJHiU/q8hzWhaN6SpRQTgjcKA8mNata:vcqHie1m1EJHW8ViaLRXN+ga
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-