General

  • Target

    023ee8eb11171e1a87eb47465d831971_JaffaCakes118

  • Size

    243KB

  • Sample

    240622-p84n4sygjd

  • MD5

    023ee8eb11171e1a87eb47465d831971

  • SHA1

    d79aee8cba0d3ab0ada528e8ae7facb884803c9d

  • SHA256

    eed46908ca61277942d65dcd60d18042e730f9820f98cca5ab56ea7381e42148

  • SHA512

    2369e88258a279486e06f9cda7d3cbd9cc0693d178dcb6d6879a4666c7c501bc0a624202ddd31a3a848b3b633c4f7efc374f738391078d10d5efe028639b4561

  • SSDEEP

    3072:Xf8wNOO5/bHoUYmxF44UkbZEvoAL6Vb1oV2EcD1:Xn5dn4rkWgg6Vb1oIZD

Malware Config

Extracted

  • Family

    metasploit

  • Version

    encoder/call4_dword_xor

Targets

    • Target

      023ee8eb11171e1a87eb47465d831971_JaffaCakes118

    • Size

      243KB

    • MD5

      023ee8eb11171e1a87eb47465d831971

    • SHA1

      d79aee8cba0d3ab0ada528e8ae7facb884803c9d

    • SHA256

      eed46908ca61277942d65dcd60d18042e730f9820f98cca5ab56ea7381e42148

    • SHA512

      2369e88258a279486e06f9cda7d3cbd9cc0693d178dcb6d6879a4666c7c501bc0a624202ddd31a3a848b3b633c4f7efc374f738391078d10d5efe028639b4561

    • SSDEEP

      3072:Xf8wNOO5/bHoUYmxF44UkbZEvoAL6Vb1oV2EcD1:Xn5dn4rkWgg6Vb1oIZD

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Modifies firewall policy service

    • Windows security bypass

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks