General

  • Target

    07029261383a82c871f679a28656d878_JaffaCakes118

  • Size

    164KB

  • Sample

    240620-r89lgatamf

  • MD5

    07029261383a82c871f679a28656d878

  • SHA1

    ecd571b0dc6e6f538d19c00356810f2e5868a47e

  • SHA256

    d760a642ebc4848e9969253b11faabb09e67aa6001a8029dfdad46e9bdd58dc6

  • SHA512

    2af099b82eccb20e9abb03d10e199b8db2ee6e98c6c0f8eeaecaaf6e3069d8764aae964a4ce61aa26253c0722e9857d55e9f69b5a132b42751600a429460be6c

  • SSDEEP

    3072:1uJ3aPnNpErmTd+x1P+NLbiTC52aqSjYP0Ar/+AcT5b0zdHA:1s0n0mp+zP+oC0rSO6zgA

Malware Config

Extracted

  • Family

    metasploit

  • Version

    encoder/call4_dword_xor

Targets

    • Target

      07029261383a82c871f679a28656d878_JaffaCakes118

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v13

Discovery

  • Query Registry (T1012): 2

  • System Information Discovery (T1082): 3

  • Peripheral Device Discovery (T1120): 1