General

  • Target

    0906672756dce01e23b0148977a25903_JaffaCakes118

  • Size

    60KB

  • Sample

    240620-xzzykaxerm

  • MD5

    0906672756dce01e23b0148977a25903

  • SHA1

    3cb09003a49ce93b1a832f8ffe5bdcec7856439b

  • SHA256

    c57cf616f9f504c2add92a3b36452c06004e9a35bff4b4c2e0e33dd1c32731dc

  • SHA512

    08dbee7e98ed44e7ef9b8fd703b40e4b1c913e60db66e1264b15b15b69f8042c252f7ebff21ce678371782779576b8f9f4278116cc486d12e6375f03de33aed0

  • SSDEEP

    1536:Yvw1dBlhfoglsS0sjjZW3TrTWzCjedyngyWq/V:YY1HoQsJYW3TrTWzmf

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor
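
The extracted config identifies the payload by its encoder rather than by a version number: x86/call4_dword_xor is Metasploit's "Call+4 Dword XOR" encoder. It XORs the payload one 32-bit dword at a time with a single 4-byte key chosen so that neither the key nor the encoded bytes contain any of the caller's bad characters, and prepends a small decoder stub that uses a `call $+4` to learn its own address and undo the XOR in a loop at run time. The Python below is an added example, not part of this report and not Metasploit's own code; it reproduces the encoding scheme (key selection, dword XOR, decode) on a constructed payload. The NOP padding is an assumption and the decoder stub bytes are deliberately not modelled.

```python
"""Added example of the x86 call4_dword_xor scheme: XOR the payload dword
by dword with one 4-byte key that keeps every output byte (and every key
byte) outside the bad-character set.  Not Metasploit's code; the runtime
decoder stub is not modelled, and NOP padding is an assumption."""
import os
import struct


def pad_to_dword(buf: bytes, pad: bytes = b"\x90") -> bytes:
    """Extend buf to a multiple of 4 bytes so every unit is a whole dword
    (assumption: pad with NOPs; the real encoder may pad differently)."""
    return buf + pad * ((-len(buf)) % 4)


def xor_dwords(buf: bytes, key: int) -> bytes:
    """XOR every little-endian dword with key.  XOR is its own inverse, so
    the same routine both encodes and decodes."""
    if len(buf) % 4:
        raise ValueError("buffer length must be a multiple of 4")
    return b"".join(struct.pack("<I", w ^ key)
                    for (w,) in struct.iter_unpack("<I", buf))


def has_badchars(buf: bytes, badchars: bytes) -> bool:
    return any(b in badchars for b in buf)


def key_bytes(key: int) -> bytes:
    """The key as it would be stored little-endian inside the decoder stub."""
    return struct.pack("<I", key)


def find_key(buf: bytes, badchars: bytes, rng=os.urandom, max_tries=100_000) -> int:
    """Pick a random 4-byte key whose own bytes and whose XOR output avoid
    every bad character.  The key is embedded in the stub, so it has to be
    clean as well, not just the encoded body."""
    for _ in range(max_tries):
        key = struct.unpack("<I", rng(4))[0]
        if has_badchars(key_bytes(key), badchars):
            continue
        if not has_badchars(xor_dwords(buf, key), badchars):
            return key
    raise ValueError("no usable key found; bad-character set too restrictive")


def encode(payload: bytes, badchars: bytes, rng=os.urandom):
    """Return (key, encoded bytes) for payload."""
    padded = pad_to_dword(payload)
    key = find_key(padded, badchars, rng)
    return key, xor_dwords(padded, key)


def decode(encoded: bytes, key: int) -> bytes:
    """What the decoder stub does at run time, minus the loop and the
    call $+4 trick that locates the buffer."""
    return xor_dwords(encoded, key)


# Constructed payload (not real shellcode) that deliberately contains the
# classic bad characters NUL, LF and CR, and is not dword-aligned.
SAMPLE_PAYLOAD = b"\x00\x0a\x0d\x00" + bytes(range(1, 15))
BADCHARS = b"\x00\x0a\x0d"

if __name__ == "__main__":
    key, enc = encode(SAMPLE_PAYLOAD, BADCHARS)
    print("key     :", key_bytes(key).hex())
    print("encoded :", enc.hex())
    print("decoded :", decode(enc, key).hex())
    print("clean   :", not has_badchars(enc, BADCHARS))
```

Because the key is random, the encoded bytes differ on every run, which is why hash-based matching of such payloads is weak and why the sandbox keys on the encoder family instead.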

Targets

    • Target

      0906672756dce01e23b0148977a25903_JaffaCakes118

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Adds policy Run key to start application

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.

    • Adds Run key to start application
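
The two Run-key signatures above correspond to writes under HKCU/HKLM\Software\Microsoft\Windows\CurrentVersion\Run and under the Policies\Explorer\Run key, both catalogued as T1547.001. The Python below is an added example, not part of the sandbox report: it classifies registry-write events into those two signatures and flags values that launch an executable from a typical drop location. The event format (`op|key path|value name|data`) and the event lines are constructed for the illustration and are not the sandbox's export format.

```python
"""Added example (not from the sandbox report): map registry-write events to
the Run-key persistence signatures and ATT&CK T1547.001.  The event format
and the sample events are constructed for this illustration."""
import re

ATTACK_ID = "T1547.001"  # Registry Run Keys / Startup Folder

# Each rule: (signature label as the report words it, regex over the key path).
# HKCU and HKLM variants and the Wow6432Node redirection are all accepted.
RUN_KEY_RULES = [
    ("Adds policy Run key to start application",
     re.compile(r"\\Software\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion"
                r"\\Policies\\Explorer\\Run(Once)?$", re.I)),
    ("Adds Run key to start application",
     re.compile(r"\\Software\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion"
                r"\\Run(Once)?$", re.I)),
]

# Directories where a dropped, user-writable executable usually ends up.
DROP_DIRS = re.compile(
    r"\\(AppData\\Local\\Temp|AppData\\Roaming|ProgramData|Users\\Public)\\", re.I)


def parse_event(line: str) -> dict:
    """Constructed format: op|key path|value name|data ('|'-separated)."""
    op, key, name, data = line.rstrip("\r\n").split("|", 3)
    return {"op": op, "key": key, "name": name, "data": data}


def classify(lines):
    """Return one hit per SetValue event whose key path is a Run key."""
    hits = []
    for line in lines:
        if not line.strip():
            continue
        ev = parse_event(line)
        if ev["op"] != "SetValue":
            continue  # deleting or querying a Run value is not persistence
        for label, rx in RUN_KEY_RULES:
            if rx.search(ev["key"]):
                hits.append({
                    "signature": label,
                    "technique": ATTACK_ID,
                    "key": ev["key"],
                    "name": ev["name"],
                    "data": ev["data"],
                    # flag values that launch an .exe from a typical drop location
                    "dropped_exe": ev["data"].lower().endswith(".exe")
                                   and DROP_DIRS.search(ev["data"]) is not None,
                })
                break
    return hits


# Constructed events, not the sandbox's real export.
SAMPLE_EVENTS = r"""
SetValue|HKCU\Software\Microsoft\Windows\CurrentVersion\Run|updater|C:\Users\Admin\AppData\Local\Temp\update.exe
SetValue|HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|updater|C:\Users\Admin\AppData\Local\Temp\update.exe
SetValue|HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders|Desktop|C:\Users\Admin\Desktop
DeleteValue|HKCU\Software\Microsoft\Windows\CurrentVersion\Run|updater|
""".strip().splitlines()

if __name__ == "__main__":
    for h in classify(SAMPLE_EVENTS):
        print(f'{h["technique"]} {h["signature"]}: {h["key"]}\\{h["name"]} -> {h["data"]}'
              + ("  [dropped exe]" if h["dropped_exe"] else ""))
```

The Policies\Explorer\Run key is matched by its own rule because the plain Run-key pattern anchors on `CurrentVersion\Run`, which that path does not end with; the Shell Folders write under the same hive is ignored, as is the later DeleteValue on the Run key.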

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

  • Boot or Logon Autostart Execution, T1547 (2 matches)

    • Registry Run Keys / Startup Folder, T1547.001 (2 matches)

Privilege Escalation

  • Boot or Logon Autostart Execution, T1547 (2 matches)

    • Registry Run Keys / Startup Folder, T1547.001 (2 matches)

Defense Evasion

  • Modify Registry, T1112 (2 matches)

Tasks