General
-
Target
JaffaCakes118_959987f86626f122b33d302b1fb90329
-
Size
511KB
-
Sample
250329-yfyrtswry7
-
MD5
959987f86626f122b33d302b1fb90329
-
SHA1
af0a5d31020cf2ad7fb71f12b8177b9a946880b5
-
SHA256
2bd3ede27a7ba18559ffae7a33d75546e103e802b599a67353b1c89cc35246f9
-
SHA512
9cca749d14c997117ec207bf2fb99369e586cc0ede1fe6da1560ff2cc82881249468025591b0af97d86893073b18e2411eeb8528f2ca4209ca243b31d589971e
-
SSDEEP
12288:cIFZBYs5cIREvnVGhkIPS2TffUdctTnTN/Vd9Im+7gW:coesOIK/2kgS2TyctTnT3+
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
JaffaCakes118_959987f86626f122b33d302b1fb90329
-
Size
511KB
-
MD5
959987f86626f122b33d302b1fb90329
-
SHA1
af0a5d31020cf2ad7fb71f12b8177b9a946880b5
-
SHA256
2bd3ede27a7ba18559ffae7a33d75546e103e802b599a67353b1c89cc35246f9
-
SHA512
9cca749d14c997117ec207bf2fb99369e586cc0ede1fe6da1560ff2cc82881249468025591b0af97d86893073b18e2411eeb8528f2ca4209ca243b31d589971e
-
SSDEEP
12288:cIFZBYs5cIREvnVGhkIPS2TffUdctTnTN/Vd9Im+7gW:coesOIK/2kgS2TyctTnT3+
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
Drops file in Drivers directory
-
Deletes itself
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-