General

Target: 00bdfb79d51bc86c47a7b5b24caf66ac_JaffaCakes118
Size: 395KB
Sample: 240622-b9cecs1hrb
MD5: 00bdfb79d51bc86c47a7b5b24caf66ac
SHA1: 4f857c70084b299f0daea81cff5b7da9257ab411
SHA256: 8345a4e04b105eba426233545a67642d5f036b08ac7bf13a4961127b2ae1900a
SHA512: 4a53257665503af52d6a460e742a1e0ea2bc1c42e17a7e4fe88877c77b1a5221611dfbc96aeba05f34b67c88b841c7808f2123719ebdb0c566b15ddc61b50cee
SSDEEP: 6144:xVg35m4O59/PkphwpR1k7GgMwgd9qt7ZMKHaUnvkij+xWTILH0Xt3oHwg:x6O55dR1fgjU4VXbciSxWTWH0duD
Behavioral tasks

behavioral1: Merchant Canceller 1.0/Injector.exe (resource: win7-20240611-en)
behavioral2: Merchant Canceller 1.0/Injector.exe (resource: win10v2004-20240508-en)
behavioral3: Merchant Canceller 1.0/Merchantinator.dll (resource: win7-20240508-en)
behavioral4: Merchant Canceller 1.0/Merchantinator.dll (resource: win10v2004-20240611-en)
behavioral5: Merchant Canceller 1.0/ifThisInjectorDontWorkTryThisOne/Injector.exe (resource: win7-20240611-en)
behavioral6: Merchant Canceller 1.0/ifThisInjectorDontWorkTryThisOne/Injector.exe (resource: win10v2004-20240508-en)
behavioral7: Merchant Canceller 1.0/ifThisInjectorDontWorkTryThisOne/Merchantinator.dll (resource: win7-20240508-en)
behavioral8: Merchant Canceller 1.0/ifThisInjectorDontWorkTryThisOne/Merchantinator.dll (resource: win10v2004-20240508-en)
Malware Config

Extracted family: metasploit
Payload: windows/shell_reverse_tcp
C2: 213.64.73.162:4444
Targets

Target: Merchant Canceller 1.0/Injector.exe
Size: 122KB
MD5: 7cf358b3df6f2b378fe6bddcae44a930
SHA1: a53f211f9a80b1956fa28c995ba1b99be856fc22
SHA256: 584445127be636d382ba893af6e2acc2bd53182bbfcc6a8e0488ebeffdace632
SHA512: 919e776a2bdcc2ec68bb8ab6f9be3997c6386361bc882093594acec5fdf7519252651a4f47ec41e1bf53ac376e720eb44a66fe6a3e3a967519d6b244236a1f87
SSDEEP: 1536:IFtvhucEboSMXUudS5gcTejoMb+KR0Nc8Qs1UY1EjzJYWDVZaoq3XEl:6tv9EboDbqgye8e0Nc8QsoY6aNUl
Score: 10/10
Signatures:
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

Target: Merchant Canceller 1.0/Merchantinator.dll
Size: 48KB
MD5: 4ebb47d2d60c6fd3e9b324e1a3a9aee9
SHA1: 0bdf4cf785b9396f864eb321f219b0b0726f3856
SHA256: 2c77a840143b3642da28d3eb1d34c631e674475ef6ce775668f94ee06c8526f9
SHA512: f001b39e1983f2137b92695df49bf52141b94600309409beee6b73c76a09d13125c4cb233456fee4f1cdc76adf071fdbe24cf8efb1a5f4387cb373fffa05e9e8
SSDEEP: 768:dggXIpl73v1ny+5AuGQmqaEstl2TLJAKGefmwsdhRlyQDuzJvOZn+2D:aN73vhjAuUqaWLuKGefmwsdhJuxOZtD
Score: 3/10
Signatures: none

Target: Merchant Canceller 1.0/ifThisInjectorDontWorkTryThisOne/Injector.exe
Size: 296KB
MD5: 844d0b343bca1e3490d8e4b754056d7e
SHA1: 8cc2508831f4ed4dc26829adcfd6ffe49eb4bd84
SHA256: c2cb507d86f3803bb2d7d5d72e5a0c50409b1e936ad158c70f36ad14522b82bf
SHA512: bc68cacd592055521fd314c9f3643c3c8503d3bdafa3ca6e1b096f45de0f8c8fa29b03a4e44591caf1efd76426edb05fc3dcbb70f16786e94398db8fd97d1054
SSDEEP: 6144:Vkt82J7rPs+Nq1bUkziu1n9fcg6wvP6bQ7yMP+DE827fg4ZiP1v/:VU82J7rE+NaQkz7x9fcg76b7MP+Dd2sV
Score: 6/10
Signatures:
- Writes to the Master Boot Record (MBR): Bootkits write to the MBR to gain persistence at a level below the operating system.

Target: Merchant Canceller 1.0/ifThisInjectorDontWorkTryThisOne/Merchantinator.dll
Size: 48KB
MD5: 4ebb47d2d60c6fd3e9b324e1a3a9aee9
SHA1: 0bdf4cf785b9396f864eb321f219b0b0726f3856
SHA256: 2c77a840143b3642da28d3eb1d34c631e674475ef6ce775668f94ee06c8526f9
SHA512: f001b39e1983f2137b92695df49bf52141b94600309409beee6b73c76a09d13125c4cb233456fee4f1cdc76adf071fdbe24cf8efb1a5f4387cb373fffa05e9e8
SSDEEP: 768:dggXIpl73v1ny+5AuGQmqaEstl2TLJAKGefmwsdhRlyQDuzJvOZn+2D:aN73vhjAuUqaWLuKGefmwsdhJuxOZtD
Score: 3/10
Signatures: none