General

  • Target

    00c6f606fa8482405c7ee2bcb4de4818_JaffaCakes118

  • Size

    532KB

  • Sample

    240619-1zybhsybkq

  • MD5

    00c6f606fa8482405c7ee2bcb4de4818

  • SHA1

    354d8792f2d52b0139f6d452130c8510e0484f00

  • SHA256

    7fed56513a518daa3520469b8ea681087f4e601b21ced4bb25564d75d9b37358

  • SHA512

    e869863aa200810226ee87717c4dcd70ecdf5d4bd83d7b236c4e9e2cca99cd9e01913f47a233e58536c8c5cf4eb889f73796c4a1717c1d149a812ad9ac262276

  • SSDEEP

    12288:3iYv5bpOsXGZc36keHMHFPRD2MzedARika7OJilGDM/kY7kvj:3iYrOBi6MHFg+eCS8G6M/Ry

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • Target

      00c6f606fa8482405c7ee2bcb4de4818_JaffaCakes118

    • Size

      532KB

    • MD5

      00c6f606fa8482405c7ee2bcb4de4818

    • SHA1

      354d8792f2d52b0139f6d452130c8510e0484f00

    • SHA256

      7fed56513a518daa3520469b8ea681087f4e601b21ced4bb25564d75d9b37358

    • SHA512

      e869863aa200810226ee87717c4dcd70ecdf5d4bd83d7b236c4e9e2cca99cd9e01913f47a233e58536c8c5cf4eb889f73796c4a1717c1d149a812ad9ac262276

    • SSDEEP

      12288:3iYv5bpOsXGZc36keHMHFPRD2MzedARika7OJilGDM/kY7kvj:3iYrOBi6MHFg+eCS8G6M/Ry

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v13

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Discovery

Query Registry

1
T1012

Virtualization/Sandbox Evasion

1
T1497

Tasks