General

  • Target

    033978a659dc664d1411cd737fae0201_JaffaCakes118

  • Size

    4.6MB

  • Sample

    240622-wctycs1fjr

  • MD5

    033978a659dc664d1411cd737fae0201

  • SHA1

    fe9f9f23329e0a56f3deb225ea835fac2d9900e1

  • SHA256

    647499a6f001676732aad9b85b2045e0375b1e2005891772eb190bd21b01022c

  • SHA512

    100b535b57052e21a24a610373cdaba8c813c4e41e60f95d506da20e75f7cbfcfe1674989423d65a0278a083641c2c25ff3c822e924986342c84085a6dbafa26

  • SSDEEP

    3072:xYVlF22d/HAMt0WSt+/x3y6dykvOCVwOU3R4KyslRzXtDm+t6V:ydd/HAMt0Lt8xuQV1UBXy+zXtDmU6

Malware Config (Extracted)

  • Family

    metasploit

  • Version

    encoder/call4_dword_xor

Targets

    • Target

      033978a659dc664d1411cd737fae0201_JaffaCakes118

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Modifies firewall policy service

    • Windows security bypass

    • Modifies Windows Firewall

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks