General

  • Target

    081ba9f494c1ed107544756bed278152_JaffaCakes118

  • Size

    57KB

  • Sample

    240620-vrexbasgqm

  • MD5

    081ba9f494c1ed107544756bed278152

  • SHA1

    b671aaf0c11aef5791096c82ca0fbdb600ffae07

  • SHA256

    8359b84ea0cbc6d838d25db230cf5fbd73db8fc7958e75eff8903df27b7f5dd5

  • SHA512

    41a43231afa921a9cf979660defc56c9808d55e9286eb325ef50cb883a79b8e5e03dffaf942bb31b844632831a950f5f53a7dfa213679e0db0dab4c981f0893a

  • SSDEEP

    1536:cupr/iX5BFIdTc12UoNLEDan8/xv4ptzaR/:Jr/iX5w1c1DDGqStw/

Malware Config

Extracted

  • Family

    metasploit

  • Version

    encoder/fnstenv_mov

Targets

    • Target

      081ba9f494c1ed107544756bed278152_JaffaCakes118

    • Size

      57KB

    • MD5

      081ba9f494c1ed107544756bed278152

    • SHA1

      b671aaf0c11aef5791096c82ca0fbdb600ffae07

    • SHA256

      8359b84ea0cbc6d838d25db230cf5fbd73db8fc7958e75eff8903df27b7f5dd5

    • SHA512

      41a43231afa921a9cf979660defc56c9808d55e9286eb325ef50cb883a79b8e5e03dffaf942bb31b844632831a950f5f53a7dfa213679e0db0dab4c981f0893a

    • SSDEEP

      1536:cupr/iX5BFIdTc12UoNLEDan8/xv4ptzaR/:Jr/iX5w1c1DDGqStw/

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence

    1  T1547      Boot or Logon Autostart Execution
    1  T1547.001  Registry Run Keys / Startup Folder

  • Privilege Escalation

    1  T1547      Boot or Logon Autostart Execution
    1  T1547.001  Registry Run Keys / Startup Folder

  • Defense Evasion

    1  T1112      Modify Registry

  • Discovery

    1  T1082      System Information Discovery