General
-
Target
JaffaCakes118_98513d260023a0cb3667f2e8dac81c4f
-
Size
1.4MB
-
Sample
250330-hdrmqs11fz
-
MD5
98513d260023a0cb3667f2e8dac81c4f
-
SHA1
189be40083f151d30b3c588accdc23ea6c2f5075
-
SHA256
2925a43bce9b41922ab001e421806ef21ae443d4f1eda68639a9b155d5dfb29e
-
SHA512
6eb37009bd8f8145ad9378c87605a6f0195ceed56213bc7d17bef6a78ef6889900442b8f38fb9bd44f780beaa7d7e328b51a2885c141414810a91f0d930a3f27
-
SSDEEP
24576:TQ7ceaRuHmGB7h+4E42P/M2euPuKpxLD2DgDQj9VEH2nyYtLDwI9T9aA/gfsc5E+:6g0Jl+4E42c2euWKpxLD2UDG9Ve2yuIp
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
JaffaCakes118_98513d260023a0cb3667f2e8dac81c4f
-
Size
1.4MB
-
MD5
98513d260023a0cb3667f2e8dac81c4f
-
SHA1
189be40083f151d30b3c588accdc23ea6c2f5075
-
SHA256
2925a43bce9b41922ab001e421806ef21ae443d4f1eda68639a9b155d5dfb29e
-
SHA512
6eb37009bd8f8145ad9378c87605a6f0195ceed56213bc7d17bef6a78ef6889900442b8f38fb9bd44f780beaa7d7e328b51a2885c141414810a91f0d930a3f27
-
SSDEEP
24576:TQ7ceaRuHmGB7h+4E42P/M2euPuKpxLD2DgDQj9VEH2nyYtLDwI9T9aA/gfsc5E+:6g0Jl+4E42c2euWKpxLD2UDG9Ve2yuIp
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-