General

  • Target

    0008d6d7ea0571daf5b451985095b9ca_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240619-xgw4yswhnd

  • MD5

    0008d6d7ea0571daf5b451985095b9ca

  • SHA1

    e6049ce2a34a0197e3eb60317db4c89ad8d6d40e

  • SHA256

    a259e50b3a0ab5abd711455cbcec62c0bfbcbda112a7cad719466dc494e285f5

  • SHA512

    af0611cc26796c11466f9d67d9e269c247532fbbf708922708bf1eb8e1628bd33b85af702796031f4d64844888b3a2f9239d3e932813239c2aea482ddff4a21d

  • SSDEEP

    3072:AjodC9zXKsmIgJ2sRwPPShW/Y4BKdSuZaszu42gP959w+Z+OlmNREHfRDc5y:codE6nwyhw/tK4/N4Z+xr5

Malware Config

Extracted

  • Family

    metasploit

  • Version

    encoder/fnstenv_mov

Targets

    • Target

      0008d6d7ea0571daf5b451985095b9ca_JaffaCakes118

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Modifies security service

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v13

  • Persistence

    T1543 Create or Modify System Process (1)
    T1543.003 Windows Service (1)

  • Privilege Escalation

    T1543 Create or Modify System Process (1)
    T1543.003 Windows Service (1)

  • Defense Evasion

    T1112 Modify Registry (1)

Tasks