General

  • Target

    01b44dac1a96187bac00987104cd6dae_JaffaCakes118

  • Size

    115KB

  • Sample

    240622-mqhyksyclp

  • MD5

    01b44dac1a96187bac00987104cd6dae

  • SHA1

    a0550e12999baa22a96b60684597b7725503cf33

  • SHA256

    91d66c85f81834d91cafb1af72537703406b6bdd9f26400f05ce3ff5447e87f2

  • SHA512

    dfcd2c1583d8c68b93987152785eda8a0fb1f5c4e1d093d8ae3a6302836fb4a1354e4e78101837c3fe6b0d430992377020c905f35c8039dbf893a5a58df6be59

  • SSDEEP

    3072:Cf8wNOO5/bHoUYmxF44UkbZEvoAVlcRfeIuAZymH1Ztw:Cn5dn4rkWgucRfehuj

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • Target

      01b44dac1a96187bac00987104cd6dae_JaffaCakes118

    • Size

      115KB

    • MD5

      01b44dac1a96187bac00987104cd6dae

    • SHA1

      a0550e12999baa22a96b60684597b7725503cf33

    • SHA256

      91d66c85f81834d91cafb1af72537703406b6bdd9f26400f05ce3ff5447e87f2

    • SHA512

      dfcd2c1583d8c68b93987152785eda8a0fb1f5c4e1d093d8ae3a6302836fb4a1354e4e78101837c3fe6b0d430992377020c905f35c8039dbf893a5a58df6be59

    • SSDEEP

      3072:Cf8wNOO5/bHoUYmxF44UkbZEvoAVlcRfeIuAZymH1Ztw:Cn5dn4rkWgucRfehuj

    • MetaSploit

      Detected a malicious payload belonging to the Metasploit Framework, most likely generated with msfvenom or a similar tool.

    • Modifies firewall policy service

    • Windows security bypass

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Drops file in System32 directory
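
The extracted config above identifies the Metasploit encoder as call4_dword_xor. The Python below is an added example written for this report, not sandbox output and not Metasploit's own code: it locates the invariant part of that encoder's decoder stub (call $+4 / pop esi / xor dword [esi+0xe], KEY / sub esi, -4 / loop), reads the 4-byte XOR key and the loop count out of the stub, and unmasks the payload so it can be inspected statically instead of in a debugger. The stub byte layout and the `xor ecx, ecx; sub ecx, -count` prologue are this editor's recollection of the Metasploit module and should be checked against the module source before being relied on; the sample payload, key and NOP padding are constructed for the demonstration and are not taken from this sample.

```python
import re
import struct

# Invariant tail of the x86 call4_dword_xor decoder stub (editor's recollection
# of the Metasploit module, not data from this report). The `sub ecx, -count`
# prologue that sets the loop counter varies with badchar avoidance, so it is
# parsed separately in _loop_count().
STUB_RE = re.compile(
    rb"\xe8\xff\xff\xff\xff"  # call $+4: returns into the trailing 0xff byte...
    rb"\xc0"                  # ...which executes as `inc eax` (ff c0)
    rb"\x5e"                  # pop esi: esi = address of that 0xc0 byte
    rb"\x81\x76\x0e(.{4})"    # xor dword [esi+0x0e], KEY   (key captured)
    rb"\x83\xee\xfc"          # sub esi, -4: advance one dword
    rb"\xe2\xf4",             # loop: back to the xor while ecx != 0
    re.DOTALL,
)
STUB_TAIL = b"\xe8\xff\xff\xff\xff\xc0\x5e\x81\x76\x0e"   # bytes before the key
STUB_LOOP = b"\x83\xee\xfc\xe2\xf4"                        # bytes after the key

# Constructed stand-ins for a decoded payload and a key (not from this sample).
SAMPLE_PAYLOAD = bytes(range(0x41, 0x41 + 23))   # 23 bytes: exercises padding
SAMPLE_KEY = b"\xde\xad\xbe\xef"


def _xor_dword(dword: bytes, key: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(dword, key))


def _loop_count(prefix: bytes):
    """Recover the initial ecx from the `sub ecx, -count` prologue.

    Handles `83 e9 ib` (imm8, sign-extended) and `81 e9 id` (imm32). Metasploit
    normally clears ecx with `31 c9` first, so a form preceded by that clear
    wins when both readings are possible. Returns None if nothing matches.
    """
    candidates = (
        (b"\x31\xc9\x83\xe9", 1, "<b"), (b"\x31\xc9\x81\xe9", 4, "<i"),
        (b"\x83\xe9", 1, "<b"), (b"\x81\xe9", 4, "<i"),
    )
    for opcode, width, fmt in candidates:
        n = len(opcode) + width
        if len(prefix) >= n and prefix[-n:-width] == opcode:
            imm = struct.unpack(fmt, prefix[-width:])[0]
            return (-imm) & 0xFFFFFFFF      # sub ecx, -count leaves ecx == count
    return None


def decode_call4_dword_xor(buf: bytes):
    """Find the stub in buf and return offset, key, dword count and decoded payload."""
    m = STUB_RE.search(buf)
    if m is None:
        return None
    key = m.group(1)
    count = _loop_count(buf[:m.start()])
    enc = buf[m.end():]                 # [esi+0x0e] is the first byte after the stub
    if not count or count * 4 > len(enc):
        count = len(enc) // 4           # prologue unrecognised: decode what is there
    payload = b"".join(_xor_dword(enc[i * 4:(i + 1) * 4], key) for i in range(count))
    return {"stub_offset": m.start(), "key": key, "dwords": count, "payload": payload}


def encode_call4_dword_xor(payload: bytes, key: bytes) -> bytes:
    """Build a blob in the encoder's layout so the decoder can be exercised
    offline. Padding with NOPs to a dword boundary is this example's choice."""
    if len(key) != 4:
        raise ValueError("key must be 4 bytes")
    padded = payload + b"\x90" * (-len(payload) % 4)
    count = len(padded) // 4
    if count <= 128:   # xor ecx, ecx ; sub ecx, imm8
        prologue = b"\x31\xc9\x83\xe9" + struct.pack("<b", -count)
    else:              # xor ecx, ecx ; sub ecx, imm32
        prologue = b"\x31\xc9\x81\xe9" + struct.pack("<i", -count)
    body = b"".join(_xor_dword(padded[i:i + 4], key) for i in range(0, len(padded), 4))
    return prologue + STUB_TAIL + key + STUB_LOOP + body


if __name__ == "__main__":
    blob = b"\x00" * 7 + encode_call4_dword_xor(SAMPLE_PAYLOAD, SAMPLE_KEY)
    result = decode_call4_dword_xor(blob)
    print("stub at", result["stub_offset"], "key", result["key"].hex(),
          "dwords", result["dwords"])
    print("decoded:", result["payload"].hex())
```

Run it over the dumped section or memory region that tripped the MetaSploit signature; a hit gives the stub offset and key, and the decoded bytes can then be disassembled as ordinary x86. Because the key is fixed for the whole buffer, the decoded output should be the plain payload; if it does not disassemble, check whether the prologue used a form `_loop_count()` does not recognise.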

MITRE ATT&CK Enterprise v15

Tasks