General

  • Target

    06a7007fa3decee59c7dcd3f33fba149_JaffaCakes118

  • Size

    46KB

  • Sample

    240623-sbyy5svfje

  • MD5

    06a7007fa3decee59c7dcd3f33fba149

  • SHA1

    cc8f569e0802b79a5d7a93d8c91bdb8ae72f2638

  • SHA256

    99cef7cb569f9ded3a6386a3fd84e8d2f8051ecf8aa347aa443cdaf425ec5844

  • SHA512

    f70f44c832e620e67fb34470bfb99173244d40c59d335d3ad27f8ca65ef5ac20682ce2b64221430fcc96a501b4f66dbfc2a19adb96ae11c06193a453dd0ed2a0

  • SSDEEP

    768:aKXYZk7JeaIOGvskfFYPSJ/CCjgH8lqkXJUPhrTuCWpPl7+NPZqnl5V:30k7JGskfiPXCJq26op97OPknTV

Malware Config

Extracted

  • Family

    metasploit

  • Version

    encoder/call4_dword_xor

Targets

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Adds policy Run key to start application

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks