General

  • Target

    0a73abbf4d1badf83344b5e085ee9b24_JaffaCakes118

  • Size

    50KB

  • Sample

    240621-j51v6asfjd

  • MD5

    0a73abbf4d1badf83344b5e085ee9b24

  • SHA1

    3f453068f0c1a0e5fab20b7933ec93d58c0b1071

  • SHA256

    86f906e1342dc1e1bbfa15358cfad2bd41143459974bc300b6e98bf7b4b8f69e

  • SHA512

    6d96fd4ec1cea248a47e7864f99dd036ee136b823c6612392b1be485aac4e756dbff4cab3d505239862b6e98cc50b5ff37b419427bf943cb7847e1e9e9eec149

  • SSDEEP

    768:gRkBqdwOEZaSnctBLK/5w7XGjYf03T3u8mD:gRzw/ZaSnctBK/uXG0S3uz

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • Target

      0a73abbf4d1badf83344b5e085ee9b24_JaffaCakes118

    • Size

      50KB

    • MD5

      0a73abbf4d1badf83344b5e085ee9b24

    • SHA1

      3f453068f0c1a0e5fab20b7933ec93d58c0b1071

    • SHA256

      86f906e1342dc1e1bbfa15358cfad2bd41143459974bc300b6e98bf7b4b8f69e

    • SHA512

      6d96fd4ec1cea248a47e7864f99dd036ee136b823c6612392b1be485aac4e756dbff4cab3d505239862b6e98cc50b5ff37b419427bf943cb7847e1e9e9eec149

    • SSDEEP

      768:gRkBqdwOEZaSnctBLK/5w7XGjYf03T3u8mD:gRzw/ZaSnctBK/uXG0S3uz

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Adds policy Run key to start application

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Persistence

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Defense Evasion

Modify Registry

2
T1112

Tasks