General

  • Target

    086dbfe27b7ea7bdd2e935d0df439059_JaffaCakes118

  • Size

    251KB

  • Sample

    240624-pct5ssvejl

  • MD5

    086dbfe27b7ea7bdd2e935d0df439059

  • SHA1

    1d7e7d8613b13dfc611fe73dc6b2a66b92b723e1

  • SHA256

    0d3371b889d3b308ea8759c39a49c1e165bb2d7609ad56fd02cdb7ebabad0744

  • SHA512

    0b12623a5fd9c6a60d78dd3da8c43d8c5b8573cfd689f04400ad95ba57910b24a1e793ab63ef992d6e30964def806b9ad0d8c4f7afee25ef773b042e687b2b5c

  • SSDEEP

    6144:tAuSfZEiVCDjiAGWfF0ehyNqsiqXUHY8B+e7HxkjWpBQ:auSxEisvysFNrsiqt8B+e7HxMcBQ

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • Target

      086dbfe27b7ea7bdd2e935d0df439059_JaffaCakes118

    • Size

      251KB

    • MD5

      086dbfe27b7ea7bdd2e935d0df439059

    • SHA1

      1d7e7d8613b13dfc611fe73dc6b2a66b92b723e1

    • SHA256

      0d3371b889d3b308ea8759c39a49c1e165bb2d7609ad56fd02cdb7ebabad0744

    • SHA512

      0b12623a5fd9c6a60d78dd3da8c43d8c5b8573cfd689f04400ad95ba57910b24a1e793ab63ef992d6e30964def806b9ad0d8c4f7afee25ef773b042e687b2b5c

    • SSDEEP

      6144:tAuSfZEiVCDjiAGWfF0ehyNqsiqXUHY8B+e7HxkjWpBQ:auSxEisvysFNrsiqt8B+e7HxMcBQ

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks