General
-
Target
JaffaCakes118_96536de14b03217a0cb4d13ee9b2e343
-
Size
64KB
-
Sample
250329-ymjlgsyrv7
-
MD5
96536de14b03217a0cb4d13ee9b2e343
-
SHA1
0e03954d496efd5667402f2795799870e19d24e4
-
SHA256
8c6ca558745c40e0b710e800da6a759149a58ec1971e89e4820ef5c889caee0a
-
SHA512
bdc45806292912950aa28391b44a6df93361065824057cfed66f1ec0fd3f94aaaab8a2e64c94fecd4e571f84d64ec513cb67a4be47a9206bcb0e517e6119044f
-
SSDEEP
1536:JmOH4+TcTpkcs699GkqX8IG9lOg8GA+EfNgnJpf:JINkcsCBXlOMzRnJZ
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
JaffaCakes118_96536de14b03217a0cb4d13ee9b2e343
-
Size
64KB
-
MD5
96536de14b03217a0cb4d13ee9b2e343
-
SHA1
0e03954d496efd5667402f2795799870e19d24e4
-
SHA256
8c6ca558745c40e0b710e800da6a759149a58ec1971e89e4820ef5c889caee0a
-
SHA512
bdc45806292912950aa28391b44a6df93361065824057cfed66f1ec0fd3f94aaaab8a2e64c94fecd4e571f84d64ec513cb67a4be47a9206bcb0e517e6119044f
-
SSDEEP
1536:JmOH4+TcTpkcs699GkqX8IG9lOg8GA+EfNgnJpf:JINkcsCBXlOMzRnJZ
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2