General

  • Target

    09242c9ee4b66dc51fa6c40bf1b7776b_JaffaCakes118

  • Size

    1.9MB

  • Sample

    240620-yazf6sybpr

  • MD5

    09242c9ee4b66dc51fa6c40bf1b7776b

  • SHA1

    0809ca376976c06b8ccd23759b694a9b9ccd5aae

  • SHA256

    35469fb62284fd41d8a9771042a11b9700620c4b9466f51d5a065653039064f9

  • SHA512

    66d0bf07675a8b268458677c756c3a0a837d4d490c766e55e7a438515cbbf38a600d46a37bcffb85d7a1d4bd61b871c744e6120f4bf6483d4c2628393448c852

  • SSDEEP

    49152:HuH31ej4BZ9PpYY2+E4lorhtEC80ZOOGEyAX3RrTrEtJb5M4:W1Ff9BYo2tt/80UOG+3RrnO

Malware Config (extracted)

  • Family

    metasploit

  • Version

    encoder/fnstenv_mov

Targets

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Drops file in System32 directory
