General

  • Target

    064c3c93421311787f9d070ef54625e2_JaffaCakes118

  • Size

    245KB

  • Sample

    240623-qwyg1awejp

  • MD5

    064c3c93421311787f9d070ef54625e2

  • SHA1

    4b6964eb8d40d0fe77c6bbac1021df0802dde18f

  • SHA256

    5acd44b4c0226c3a2d99360a24c0fab0a46fa61b32760d83a2e21fc288c140c3

  • SHA512

    220de3cbbfe493695309580a70fb924b26bc4da825b796224f270010576fee824257112761f33de70e9ef36e26e5de0bd011532bd0176f0b75ac44778bd15585

  • SSDEEP

    6144:0Nq/UM3wBidJoNsys3YSKCmC3G9lisOdvXP5Az1W:0NJM3SimNulh29eP5A

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Targets

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Matrix

Tasks