General

  • Target: 06c9b17a98b700df01617f69191069bf_JaffaCakes118
  • Size: 391KB
  • Sample: 240620-rp6epssbla
  • MD5: 06c9b17a98b700df01617f69191069bf
  • SHA1: 708d0ee9807a9972c1eebce71f5ff60da98e1f88
  • SHA256: 797db1d9d9208bb7973c98665b4574c6176a6c0eb93cf89e2c0efd081268f76a
  • SHA512: e5d3aab9c45e5a13c2b04b93245cfae06b8f13595bd37d05203b627f593ae39f59b0097af31b1327b2994aac2da482189b0b07a43a5f415a043afe1627baf5b7
  • SSDEEP: 12288:/43GR0a1dTdxGmnOorhqGgaebLi7n6DxG9:VDdTH79hoaD76Dk

Malware Config

Extracted

  • Family: metasploit
  • Version: encoder/call4_dword_xor

Targets

    • Target: 06c9b17a98b700df01617f69191069bf_JaffaCakes118

    • MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
    • Executes dropped EXE
    • Loads dropped DLL
    • UPX packed file: Detects executables packed with UPX/modified UPX open source packer.
    • Drops file in System32 directory
