General
-
Target
1829a9a7fe89a912ed77021c1c455b8c_JaffaCakes118
-
Size
566KB
-
Sample
240628-a3lh1stglq
-
MD5
1829a9a7fe89a912ed77021c1c455b8c
-
SHA1
0ae96ddb8dee2461a04fbfcb7e89ccad8b37b567
-
SHA256
050c2957b493f52da6f42bfedddde5337041306f856cca8fe419e0e70669c8f2
-
SHA512
34681d2c27ceae6d52f500f612165b4d52ba2855be8033bdefb5e8d57952f565f089fe6a156bd34ac13f5b82461bbb6db5cc17c30993028564a7aa68f823dfe1
-
SSDEEP
12288:82ynpQ8cr5gk1URVxnDJ8OJqLWsd+HLoM1ICUHLyVMgDy:8dyTgfXcd+HUM1IBryVMgDy
Malware Config
Extracted
metasploit
encoder/fnstenv_mov
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
1829a9a7fe89a912ed77021c1c455b8c_JaffaCakes118
-
Size
566KB
-
MD5
1829a9a7fe89a912ed77021c1c455b8c
-
SHA1
0ae96ddb8dee2461a04fbfcb7e89ccad8b37b567
-
SHA256
050c2957b493f52da6f42bfedddde5337041306f856cca8fe419e0e70669c8f2
-
SHA512
34681d2c27ceae6d52f500f612165b4d52ba2855be8033bdefb5e8d57952f565f089fe6a156bd34ac13f5b82461bbb6db5cc17c30993028564a7aa68f823dfe1
-
SSDEEP
12288:82ynpQ8cr5gk1URVxnDJ8OJqLWsd+HLoM1ICUHLyVMgDy:8dyTgfXcd+HUM1IBryVMgDy
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Drops file in System32 directory
-