General

  • Target

    0264a4c736afdac898048967f6e05ee0_JaffaCakes118

  • Size

    825KB

  • Sample

    240622-qtd1kszekg

  • MD5

    0264a4c736afdac898048967f6e05ee0

  • SHA1

    81ad468d49af92e4d7a58ec45dc366d5fcce8d1e

  • SHA256

    e5f995804c3fdb5042f89fa43c5af9d67ad794b9c9fcd85eddd11be467599627

  • SHA512

    d50b197ebb81d70946ce45ef5c78b609f5819ea4901a2ac1f501ab80e61a2fc70aa4d5c694a9bc25102def3ab3b7c1d49e8aa04667116a924b27a59038ba043f

  • SSDEEP

    12288:1XrHTWz5AkGaOTTAPWwC3kAH4cdzG7Qd0ynYaJflJy2jhFR5Nl3s2r3eIYQ5yw:djCV0TbL37YKSaJf221F/82r3eJQn

Malware Config

Extracted

  • Family

    metasploit

  • Version

    encoder/call4_dword_xor

Targets

    • Target

      0264a4c736afdac898048967f6e05ee0_JaffaCakes118

    • MetaSploit

      Detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or a similar tool.

    • Drops file in Drivers directory

    • Deletes itself

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks