General

  • Target

    0115104a9d002f584068b8d0855d3cec_JaffaCakes118

  • Size

    46KB

  • Sample

    240622-d3lqkawcld

  • MD5

    0115104a9d002f584068b8d0855d3cec

  • SHA1

    2ce8c40b027d6a7d347e4fa3a89c90459a28efc6

  • SHA256

    c72bb3de03c05eaf2edf3a8ba92ec7cb5779b8af050a7e945b942c61c1f56f05

  • SHA512

    b43cbd4b6e37942b931733788ef450afef68c7988d79c17a945196088ff891b625dd60cffcd8b9865169a2cfa80c939de9e22165079a47b5cb9a064149f8e18d

  • SSDEEP

    768:CXaCzMbYGQvFm3wVok8gqpO6iVIHa/zy8POPo1lwU4DeF80yZ:CXagMBkKhjqIHcWQPwUi10yZ

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • Target

      0115104a9d002f584068b8d0855d3cec_JaffaCakes118

    • Size

      46KB

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Adds policy Run key to start application

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks