General

  • Target

    00e93b6e2f202e44c0a4a7c9c52c18aa_JaffaCakes118

  • Size

    47KB

  • Sample

    240619-2jae7azajj

  • MD5

    00e93b6e2f202e44c0a4a7c9c52c18aa

  • SHA1

    0f9cda3c5c86f6338105fce6590e37d59c7d5dfb

  • SHA256

    bc512c8393f709719f71781dc7fceeb447d7105f3dbb43269ae31dd645443138

  • SHA512

    dc5af8f8867f94e7092d4654e5e4eb6397e1eab8de78de90a307ccba4b1402554ad1da6865b9520afa8f0ed7d1c25842d6bc01e37173ee108c703a03e9a482ba

  • SSDEEP

    768:q3eo4XFnfnZDT/OvrIGvSOWLXuth2niMQ1zaq1JJCJGV10pzI24/k7bAgIsQ73Rq:q3H4Vn/ZD6vkG/N3L1J7XeF/bfIT7R+/

Malware Config

Extracted

  • Family

    metasploit

  • Version

    encoder/fnstenv_mov

Targets

    • Target

      00e93b6e2f202e44c0a4a7c9c52c18aa_JaffaCakes118

    • Size

      47KB

    • MD5

      00e93b6e2f202e44c0a4a7c9c52c18aa

    • SHA1

      0f9cda3c5c86f6338105fce6590e37d59c7d5dfb

    • SHA256

      bc512c8393f709719f71781dc7fceeb447d7105f3dbb43269ae31dd645443138

    • SHA512

      dc5af8f8867f94e7092d4654e5e4eb6397e1eab8de78de90a307ccba4b1402554ad1da6865b9520afa8f0ed7d1c25842d6bc01e37173ee108c703a03e9a482ba

    • SSDEEP

      768:q3eo4XFnfnZDT/OvrIGvSOWLXuth2niMQ1zaq1JJCJGV10pzI24/k7bAgIsQ73Rq:q3H4Vn/ZD6vkG/N3L1J7XeF/bfIT7R+/

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

  • Discovery

    Query Registry: T1012 (1)

    System Information Discovery: T1082 (2)

Tasks