General

  • Target: 0796f817fc4bcb2bee3bfceb18a3092c_JaffaCakes118
  • Size: 169KB
  • Sample: 240620-tld76awdqf
  • MD5: 0796f817fc4bcb2bee3bfceb18a3092c
  • SHA1: 1a46aa82f79c9620ea7c761ec62ecde0b97d6f9d
  • SHA256: 42348930a7201814f30a0b9dbd596fe62693301973be8c91db9616b3a24aaa9a
  • SHA512: 0580adf3028cecf0644ab6ad6f9f1fc4133ca2459167ed38eaa72736614914c90d7117f51a5ab43e81ea801ae4037b1b1e9edd61536b8701dd8811caa0bf65ba
  • SSDEEP: 3072:k6vP1RMoX6+fjMiJxX4Nz6158GKE/S+ThPKYAsngIr9oJGX:ke1RMOfjMGxo1615hVNAsngk2JW

Malware Config

Extracted

Family: metasploit
Version: encoder/call4_dword_xor

Targets

    • Target: 0796f817fc4bcb2bee3bfceb18a3092c_JaffaCakes118
    • Size: 169KB
    • MD5: 0796f817fc4bcb2bee3bfceb18a3092c
    • SHA1: 1a46aa82f79c9620ea7c761ec62ecde0b97d6f9d
    • SHA256: 42348930a7201814f30a0b9dbd596fe62693301973be8c91db9616b3a24aaa9a
    • SHA512: 0580adf3028cecf0644ab6ad6f9f1fc4133ca2459167ed38eaa72736614914c90d7117f51a5ab43e81ea801ae4037b1b1e9edd61536b8701dd8811caa0bf65ba
    • SSDEEP: 3072:k6vP1RMoX6+fjMiJxX4Nz6158GKE/S+ThPKYAsngIr9oJGX:ke1RMOfjMGxo1615hVNAsngk2JW

    • MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
    • Drops file in System32 directory
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks