General
-
Target
fb4c111ddf3fdc6a5b7ffe7073816562_JaffaCakes118
-
Size
383KB
-
Sample
240419-2a2s3sha84
-
MD5
fb4c111ddf3fdc6a5b7ffe7073816562
-
SHA1
3b027b3dc3357fddc43fd1c2ac5f75e8453c6712
-
SHA256
45ae919666be18fbb9a86eba7731513b8ba187252392cf68f5846e925955f2c8
-
SHA512
ecd3cae9f128cc8e43911a93b436c894cbfbc35bee431036aee6bebcd0f4930abc8bc846cde17ac0eb62f90d4418dbdc9317a845ee3a4a694e81596a252d0fc1
-
SSDEEP
6144:Kmrid57rT9V2kWI3G7smpC3bJ544hI0J4lZWp70BsoH8qEZ+C01k4pdvODymlhkY:Km2v7HT3stpOy/lZWkcJ+CqFODycaC
Malware Config
Extracted
metasploit
encoder/fnstenv_mov
Targets
-
-
Target
fb4c111ddf3fdc6a5b7ffe7073816562_JaffaCakes118
-
Size
383KB
-
MD5
fb4c111ddf3fdc6a5b7ffe7073816562
-
SHA1
3b027b3dc3357fddc43fd1c2ac5f75e8453c6712
-
SHA256
45ae919666be18fbb9a86eba7731513b8ba187252392cf68f5846e925955f2c8
-
SHA512
ecd3cae9f128cc8e43911a93b436c894cbfbc35bee431036aee6bebcd0f4930abc8bc846cde17ac0eb62f90d4418dbdc9317a845ee3a4a694e81596a252d0fc1
-
SSDEEP
6144:Kmrid57rT9V2kWI3G7smpC3bJ544hI0J4lZWp70BsoH8qEZ+C01k4pdvODymlhkY:Km2v7HT3stpOy/lZWkcJ+CqFODycaC
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Disables taskbar notifications via registry modification
-
Modifies Installed Components in the registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Event Triggered Execution
1Change Default File Association
1