General

  • Target

    09a106c7b87678866f8eccd3629a0a14_JaffaCakes118

  • Size

    80KB

  • Sample

    240620-1vx5ysshrr

  • MD5

    09a106c7b87678866f8eccd3629a0a14

  • SHA1

    d56463efd14a645f9b6271389da08050986857de

  • SHA256

    6172fd3befc96423cc162630f7c05666f0f4680313a88b1b982a0e0e92280b22

  • SHA512

    a933def205945604c8ea06d6f1f8508148813f9ccb01e35f4f9d394678d66c8ec994cac83f139e38c98944bb97655b1a412565598b1693acecf27e64162e1169

  • SSDEEP

    1536:Fwhboay8bMecqi8Ejt3UB+Md7z3HALE5h7eUJAToTtNWKnbXtXI4ZG:Fwhzy8fhi8w2dHALE5hSlMzbX9NG

Malware Config

Extracted

  • Family

    metasploit

  • Version

    encoder/call4_dword_xor

Targets

    • Target

      09a106c7b87678866f8eccd3629a0a14_JaffaCakes118

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Adds policy Run key to start application

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence

    Boot or Logon Autostart Execution (T1547): 2
    Registry Run Keys / Startup Folder (T1547.001): 2

  • Privilege Escalation

    Boot or Logon Autostart Execution (T1547): 2
    Registry Run Keys / Startup Folder (T1547.001): 2

  • Defense Evasion

    Modify Registry (T1112): 2

Tasks