General

  • Target

    068b4aef730210460d24ae0490b8006c_JaffaCakes118

  • Size

    46KB

  • Sample

    240620-q26qka1ane

  • MD5

    068b4aef730210460d24ae0490b8006c

  • SHA1

    4cd49bae9ba2f42c2149c2ff14c5905227c15d6b

  • SHA256

    5bec128209ad6be65fdb39c1a0e2ba795f9879461b2a085e3204f5389083cfbe

  • SHA512

    b3830a192d70e295af386044f9d0dcd8df33385ded988e1bb37c7c69ae9270b988f38101cee41c289e37cbad20e02e4e5d0f42fd93336f0c8a8360d28c2af41e

  • SSDEEP

    768:Frq01BmfRsNOCKQbBGg6Fsscs9fnghQDgwua7xyZfnA6iyIy0gmTy9bT9:FrqdRoBdD6Z51ng8gwOZ9iyIy0gme

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • Target

      068b4aef730210460d24ae0490b8006c_JaffaCakes118

    • Size

      46KB

    • MD5

      068b4aef730210460d24ae0490b8006c

    • SHA1

      4cd49bae9ba2f42c2149c2ff14c5905227c15d6b

    • SHA256

      5bec128209ad6be65fdb39c1a0e2ba795f9879461b2a085e3204f5389083cfbe

    • SHA512

      b3830a192d70e295af386044f9d0dcd8df33385ded988e1bb37c7c69ae9270b988f38101cee41c289e37cbad20e02e4e5d0f42fd93336f0c8a8360d28c2af41e

    • SSDEEP

      768:Frq01BmfRsNOCKQbBGg6Fsscs9fnghQDgwua7xyZfnA6iyIy0gmTy9bT9:FrqdRoBdD6Z51ng8gwOZ9iyIy0gme

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Adds policy Run key to start application

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v13

Persistence

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Defense Evasion

Modify Registry

2
T1112

Tasks