General

  • Target

    07786af484910b83e5d1a703fcc78a7d_JaffaCakes118

  • Size

    166KB

  • Sample

    240620-tbcatavhre

  • MD5

    07786af484910b83e5d1a703fcc78a7d

  • SHA1

    9a02cc979781606cdc17594018738b40f8753443

  • SHA256

    84027a6a3706c9a534a3bde965a7f328b11175d49036cb4cca03e3e5ec7cae46

  • SHA512

    1c296e339fc6b60ecdfe6efb742e55cf6bb6decc00ced260d4a65796228bcf77e010e452cfe9a153ade43b528dbfa0a74c340fc766ef8262450f8a15c2dc2f8f

  • SSDEEP

    1536:uvzeEKYKMrwkqEt23XSLg146R6eXGeIArIi8x5OfPotdERcpKuZFST1BXItc2DoD:uLqEt236W46Tp2ioMPRcKwm3kknMw

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • Target

      07786af484910b83e5d1a703fcc78a7d_JaffaCakes118

    • Size

      166KB

    • MD5

      07786af484910b83e5d1a703fcc78a7d

    • SHA1

      9a02cc979781606cdc17594018738b40f8753443

    • SHA256

      84027a6a3706c9a534a3bde965a7f328b11175d49036cb4cca03e3e5ec7cae46

    • SHA512

      1c296e339fc6b60ecdfe6efb742e55cf6bb6decc00ced260d4a65796228bcf77e010e452cfe9a153ade43b528dbfa0a74c340fc766ef8262450f8a15c2dc2f8f

    • SSDEEP

      1536:uvzeEKYKMrwkqEt23XSLg146R6eXGeIArIi8x5OfPotdERcpKuZFST1BXItc2DoD:uLqEt236W46Tp2ioMPRcKwm3kknMw

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Discovery

Query Registry

2
T1012

System Information Discovery

3
T1082

Peripheral Device Discovery

1
T1120

Tasks