General

  • Target

    08452d3d1decdcb90b1ff1191ac91917_JaffaCakes118

  • Size

    93KB

  • Sample

    240620-v4x9esyhqh

  • MD5

    08452d3d1decdcb90b1ff1191ac91917

  • SHA1

    40b477b947d2bfd7b7d1a727c5b0d0851c4036c8

  • SHA256

    fe0aa0ba7eb9fcbd0eedb154a73732a4e914dd64bc6d3a3d0fbad069f349a7f0

  • SHA512

    95109b3ff7b13fabafe4177ebdd7c7311b615e22b86d9c1b1f92fb83d47d7fd1d9c76a228e7a4817e4a3d3c54180bec7b43a66c12ce0cc7da9ea9a3eb12d677e

  • SSDEEP

    1536:xfIuZe3y17vBuq6et/nbfutnrivkqpiUjPgAWwC+dBYSjNhtbKR/dON:hbZQ87lbm9rOLDIf+XYs/lK

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov
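The extracted config names the Metasploit x86 fnstenv_mov encoder. That encoder wraps the payload in a short decoder stub: an FPU instruction (fldz) followed by fnstenv [esp-12] leaves the address of that FPU instruction at [esp] (the classic fnstenv GetPC trick), pop ebx picks it up, and a loop XORs each dword of the encoded body with a fixed 4-byte key until ecx runs out. The invariant bytes of that stub are what a scanner keys on, and the key sits in the stub in clear, so the body can be decoded statically for analysis. The following Python is an added example (not Triage's, Metasploit's, or the sample's own code): it reproduces the stub layout as I recall it from modules/encoders/x86/fnstenv_mov.rb, which should be verified against the framework source; the three ecx-setup forms it recognises, the zero padding, and the marker string standing in for shellcode are all assumptions constructed for the demo.

```python
"""Scanner and static decoder for the Metasploit x86 fnstenv_mov encoder layout (added example)."""
import struct

# Fixed bytes of the x86/fnstenv_mov decoder stub as recalled from
# modules/encoders/x86/fnstenv_mov.rb (assumption: verify against the framework source).
STUB_GETPC_XOR = bytes([
    0xd9, 0xee,               # fldz                 ; any FPU op, so the CPU records its EIP
    0xd9, 0x74, 0x24, 0xf4,   # fnstenv [esp-0xc]    ; 28-byte FPU env dump puts that EIP at [esp]
    0x5b,                     # pop ebx              ; ebx = address of fldz (GetPC)
    0x81, 0x73, 0x13,         # xor dword [ebx+0x13], imm32 ; the 4-byte key follows this opcode
])
STUB_TAIL = bytes([
    0x83, 0xeb, 0xfc,         # sub ebx, -4          ; ebx += 4 without emitting a 0x04 byte
    0xe2, 0xf4,               # loop $-0xc           ; ecx--, back to the xor while ecx != 0
])
KEY_LEN = 4
# fldz .. loop spans 19 bytes, exactly the 0x13 displacement used by the xor instruction.
ENCODED_OFFSET = len(STUB_GETPC_XOR) + KEY_LEN + len(STUB_TAIL)
assert ENCODED_OFFSET == 0x13


def fnstenv_mov_encode(payload: bytes, key: int) -> bytes:
    """Encode a payload the way the stub expects: pad to dwords, prepend counter + stub, XOR dwords."""
    padded = payload + b"\x00" * (-len(payload) % 4)   # Metasploit pads with random bytes; zeros here
    ndwords = len(padded) // 4
    if not 0 < ndwords < 0x100:
        raise ValueError("demo counter stub only handles 1..255 dwords")
    # One ecx setup the real encoder may pick (it chooses a form that avoids bad chars).
    counter_stub = bytes([0x31, 0xc9, 0xb1, ndwords])   # xor ecx, ecx ; mov cl, ndwords
    body = b"".join(
        struct.pack("<I", struct.unpack("<I", padded[i:i + 4])[0] ^ key)
        for i in range(0, len(padded), 4)
    )
    return counter_stub + STUB_GETPC_XOR + struct.pack("<I", key) + STUB_TAIL + body


def _read_counter(blob: bytes, stub_off: int):
    """Recover ecx from the bytes just before fldz; None if the setup form is not recognised."""
    if stub_off >= 4 and blob[stub_off - 4:stub_off - 1] == b"\x31\xc9\xb1":   # xor ecx,ecx ; mov cl, imm8
        return blob[stub_off - 1]
    if stub_off >= 3 and blob[stub_off - 3] == 0x6a and blob[stub_off - 1] == 0x59:  # push imm8 ; pop ecx
        n = blob[stub_off - 2]
        return n if n < 0x80 else None                   # push imm8 sign-extends; ignore negatives
    if stub_off >= 5 and blob[stub_off - 5] == 0xb9:                              # mov ecx, imm32
        return struct.unpack("<I", blob[stub_off - 4:stub_off])[0]
    return None


def find_and_decode(blob: bytes):
    """Find every fnstenv_mov stub in blob and XOR-decode the bytes the stub would decode at run time.

    Returns a list of (stub_offset, key, counter, decoded_bytes)."""
    hits = []
    pos = 0
    while True:
        off = blob.find(STUB_GETPC_XOR, pos)
        if off < 0:
            break
        pos = off + 1
        key_off = off + len(STUB_GETPC_XOR)
        if blob[key_off + KEY_LEN:key_off + KEY_LEN + len(STUB_TAIL)] != STUB_TAIL:
            continue                                     # GetPC bytes without the loop tail: not the stub
        key = struct.unpack("<I", blob[key_off:key_off + KEY_LEN])[0]
        enc_off = off + ENCODED_OFFSET
        counter = _read_counter(blob, off)
        avail = (len(blob) - enc_off) // 4
        n = avail if counter is None else min(counter, avail)   # unknown counter: decode to end of blob
        decoded = b"".join(
            struct.pack("<I", struct.unpack("<I", blob[i:i + 4])[0] ^ key)
            for i in range(enc_off, enc_off + n * 4, 4)
        )
        hits.append((off, key, counter, decoded))
    return hits


# Constructed sample: a harmless marker string stands in for shellcode, wrapped in junk bytes.
SAMPLE_PAYLOAD = b"CONSTRUCTED-PAYLOAD-MARKER: not real shellcode"
SAMPLE_KEY = 0x7f3a915c


def demo():
    blob = b"\x90" * 7 + fnstenv_mov_encode(SAMPLE_PAYLOAD, SAMPLE_KEY) + b"\xcc" * 5
    return find_and_decode(blob)


if __name__ == "__main__":
    for off, key, n, dec in demo():
        print(f"stub at +{off:#x} key={key:#010x} dwords={n} -> {dec!r}")
```

Matching on STUB_GETPC_XOR plus STUB_TAIL is also a usable static signature for this encoder; the bare fldz/fnstenv/pop sequence on its own appears in other GetPC stubs and should not be treated as Metasploit-specific.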

Targets

    • Target

      08452d3d1decdcb90b1ff1191ac91917_JaffaCakes118

    • Size

      93KB

    • MD5

      08452d3d1decdcb90b1ff1191ac91917

    • SHA1

      40b477b947d2bfd7b7d1a727c5b0d0851c4036c8

    • SHA256

      fe0aa0ba7eb9fcbd0eedb154a73732a4e914dd64bc6d3a3d0fbad069f349a7f0

    • SHA512

      95109b3ff7b13fabafe4177ebdd7c7311b615e22b86d9c1b1f92fb83d47d7fd1d9c76a228e7a4817e4a3d3c54180bec7b43a66c12ce0cc7da9ea9a3eb12d677e

    • SSDEEP

      1536:xfIuZe3y17vBuq6et/nbfutnrivkqpiUjPgAWwC+dBYSjNhtbKR/dON:hbZQ87lbm9rOLDIf+XYs/lK

    • MetaSploit

      Detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or a similar tool.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

Discovery

  • Query Registry (T1012): 1 matching signature

  • System Information Discovery (T1082): 2 matching signatures

Tasks