General

  • Target

    06a4167806a05e242729e0b081325a15_JaffaCakes118

  • Size

    163KB

  • Sample

    240623-sab3zsvenf

  • MD5

    06a4167806a05e242729e0b081325a15

  • SHA1

    319ac5b1d02337c739d2c403a47b19fbb62901a6

  • SHA256

    e750bd2934a7099fc8aa8ddf24db09b060932848af36a9180466e5bbf0672323

  • SHA512

    e199ac8b8c3b5f39070178e1196b497eca10856776b7b5cbee88a14570861a1624513908cc6a91050c267cf00e7f3af1b07ddf44d9ae642c36d5430d07321e12

  • SSDEEP

    3072:INkkMiukHV4JdICfMgvtulqNEc8NFgkNLO6R2DRTY/LvJzoOGGjT:INLV7C3MMNd2OkZOA2DlYTJzC+T

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor
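Note that the "Version" field of this extracted config carries a Metasploit encoder module name, not a framework version: x86/call4_dword_xor prepends a short, fixed decoder stub that recovers the real payload by XORing it dword by dword with a 4-byte key. The Python below is an added example, not code from this report or from Metasploit. It reproduces the stub layout from the public module source (modules/encoders/x86/call4_dword_xor.rb), scans a byte blob for that stub, pulls out the XOR key and dword count, and decodes the payload that follows. The stand-in payload bytes, the 0x90 padding rule and the fixed `sub ecx` encoding are assumptions made for the demonstration; real msfvenom output may emit `sub ecx` differently to avoid bad characters, so treat the pattern as a starting point, not a complete signature.

```python
"""Find and decode Metasploit x86/call4_dword_xor encoded payloads in a byte blob.

Added example, not part of the sandbox report or of Metasploit. Stub layout is
taken from the public module source; everything else here is constructed.
"""
import re
import struct

# Decoder stub as emitted by the module (D = stub start, esi = D+10 for imm8 form):
#   31 c9                  xor  ecx, ecx
#   83 e9 XX               sub  ecx, -count      (81 e9 XX XX XX XX for count > 128)
#   e8 ff ff ff ff         call $+4              ; lands on the last ff byte
#   ff c0                  inc  eax              ; the "ff c0" re-decoded from the call
#   5e                     pop  esi              ; esi = return address = address of "c0"
#   81 76 0e KK KK KK KK   xor  dword [esi+0x0e], key  ; esi+0x0e = first encoded dword
#   83 ee fc               sub  esi, -4
#   e2 f4                  loop (back to the xor)
STUB_RE = re.compile(
    rb"\x31\xc9"
    rb"(?:\x83\xe9(?P<imm8>[\x00-\xff])|\x81\xe9(?P<imm32>[\x00-\xff]{4}))"
    rb"\xe8\xff\xff\xff\xff\xc0\x5e"
    rb"\x81\x76\x0e(?P<key>[\x00-\xff]{4})"
    rb"\x83\xee\xfc\xe2\xf4",
    re.DOTALL,
)


def find_call4_stubs(blob: bytes):
    """Return (stub_offset, key, dword_count, payload_offset) for every stub hit."""
    hits = []
    for m in STUB_RE.finditer(blob):
        if m.group("imm8") is not None:
            imm = struct.unpack("<b", m.group("imm8"))[0]
        else:
            imm = struct.unpack("<i", m.group("imm32"))[0]
        count = -imm                                   # stub does: sub ecx, -count
        key = struct.unpack("<I", m.group("key"))[0]   # 4-byte XOR key, little endian
        # The encoded dwords start right after the stub ([esi+0x0e] == m.end()).
        hits.append((m.start(), key, count, m.end()))
    return hits


def decode_call4(blob: bytes, key: int, count: int, payload_off: int) -> bytes:
    """XOR `count` dwords at `payload_off` with `key`, exactly as the stub's loop does."""
    enc = blob[payload_off:payload_off + 4 * count]
    if len(enc) != 4 * count:
        raise ValueError("encoded payload truncated")
    out = bytearray()
    for i in range(count):
        (dword,) = struct.unpack_from("<I", enc, 4 * i)
        out += struct.pack("<I", dword ^ key)
    return bytes(out)


def encode_call4(payload: bytes, key: int) -> bytes:
    """Constructed re-implementation of the encoder for a round-trip demo.

    Assumption: pad to a dword boundary with 0x90 and use the short `sub ecx` form
    whenever -count fits in a signed byte; the real module may choose differently.
    """
    padded = payload + b"\x90" * (-len(payload) % 4)
    count = len(padded) // 4
    if count <= 128:
        sub_ecx = b"\x83\xe9" + struct.pack("<b", -count)
    else:
        sub_ecx = b"\x81\xe9" + struct.pack("<i", -count)
    stub = (b"\x31\xc9" + sub_ecx + b"\xe8\xff\xff\xff\xff\xc0\x5e"
            + b"\x81\x76\x0e" + struct.pack("<I", key) + b"\x83\xee\xfc\xe2\xf4")
    body = b"".join(
        struct.pack("<I", struct.unpack_from("<I", padded, 4 * i)[0] ^ key)
        for i in range(count)
    )
    return stub + body


# Constructed stand-in for a payload; it is plain text, not shellcode.
FAKE_PAYLOAD = b"CONSTRUCTED STAND-IN, NOT SHELLCODE: calc.exe\x00"
DEMO_KEY = 0xDEADBEEF


def demo():
    """Embed an encoded payload in junk, then locate and decode it. Returns the hits."""
    encoded = encode_call4(FAKE_PAYLOAD, DEMO_KEY)
    blob = b"MZ" + b"\x90" * 30 + encoded + b"\xcc" * 8   # constructed carrier blob
    results = []
    for stub_off, key, count, payload_off in find_call4_stubs(blob):
        results.append((stub_off, key, count, decode_call4(blob, key, count, payload_off)))
    return results


if __name__ == "__main__":
    for stub_off, key, count, plain in demo():
        print(f"stub @ {stub_off:#x} key={key:#010x} dwords={count} -> {plain!r}")
```

Run this over a dumped memory region or the unpacked binary rather than the packed file on disk (the sample above is also flagged as UPX packed, so the stub is only visible after unpacking). A hit yields the XOR key and the offset of the encoded payload, which can then be decoded and handed to a disassembler or a shellcode emulator.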

Targets

    • Target

      06a4167806a05e242729e0b081325a15_JaffaCakes118

    • Size

      163KB

    • MD5

      06a4167806a05e242729e0b081325a15

    • SHA1

      319ac5b1d02337c739d2c403a47b19fbb62901a6

    • SHA256

      e750bd2934a7099fc8aa8ddf24db09b060932848af36a9180466e5bbf0672323

    • SHA512

      e199ac8b8c3b5f39070178e1196b497eca10856776b7b5cbee88a14570861a1624513908cc6a91050c267cf00e7f3af1b07ddf44d9ae642c36d5430d07321e12

    • SSDEEP

      3072:INkkMiukHV4JdICfMgvtulqNEc8NFgkNLO6R2DRTY/LvJzoOGGjT:INLV7C3MMNd2OkZOA2DlYTJzC+T

    • MetaSploit

      Detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or a similar tool.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandbox environments.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks