General

  • Target

    2647cac2fdf6f73ccf10caeda92b594f_JaffaCakes118

  • Size

    116KB

  • Sample

    240704-1cgp9asdlf

  • MD5

    2647cac2fdf6f73ccf10caeda92b594f

  • SHA1

    d1d6e9548ed88bb03fe45b0d36572ee0f3c10ed5

  • SHA256

    bedf00dd91cdd0fdc2182d2fd67ea29ed428975be7b6de243c1ea81a3d9c92b1

  • SHA512

    7e1d4360acd7dd059b6baf16eae25c3db4abba07f88ee43f7ce340adb5feff8e4fcf320bd7488e1e4e3a0e2f602d8b167623475c736fb503f71baff1381e0024

  • SSDEEP

    3072:hwsRj+fN6YYhXB3qo+ESyj8SvxH7YaanzAk:2zfN6L3qJEXj8SpHRIZ

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor
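
The config line above says the extractor recognised the stub of Metasploit's x86/call4_dword_xor encoder in front of the payload. That encoder is a fixed-key dword XOR: a 24-byte stub obtains its own address with a call, then XORs N dwords with a 4-byte key stored inline, so both the count and the key can be read straight out of the stub and the payload recovered without running it. The following is an added example by the editor, not code from the sample, the sandbox or the Metasploit project: it builds a blob in that layout from a constructed placeholder payload and then decodes it statically. The stub byte layout is reproduced from my reading of the encoder module and should be checked against the sample's own bytes; it ignores the bad-character avoidance the real encoder does when picking the key.

```python
import re
import struct

# Stub layout as I understand it from the x86/call4_dword_xor encoder module
# (assumption; verify against the sample):
#   31 c9              xor ecx, ecx
#   83 e9 ??           sub ecx, -N        N = number of dwords to decode (signed imm8)
#   e8 ff ff ff ff     call $+4           lands on the last 0xff byte ...
#   c0                 ... which together with it reads as "ff c0" = inc eax
#   5e                 pop esi            esi -> the "ff c0" bytes
#   81 76 0e ?? x4     xor dword [esi+0x0e], KEY   (esi+0x0e = first encoded dword)
#   83 ee fc           sub esi, -4
#   e2 f4              loop back to the xor
STUB_RE = re.compile(
    rb"\x31\xc9\x83\xe9(.)\xe8\xff\xff\xff\xff\xc0\x5e\x81\x76\x0e(.{4})\x83\xee\xfc\xe2\xf4",
    re.DOTALL,
)

# Constructed placeholder payload (20 bytes, 5 dwords); not the sample's payload.
SAMPLE_PAYLOAD = b"PAYLOAD-PLACEHOLDER!"
SAMPLE_KEY = 0xDEADBEEF  # arbitrary constructed key


def encode(payload: bytes, key: int) -> bytes:
    """Prepend the decoder stub and XOR the payload dword-by-dword with key.
    Pads to a dword boundary with 0x90 so the last block is whole."""
    if len(payload) % 4:
        payload += b"\x90" * (4 - len(payload) % 4)
    nblocks = len(payload) // 4
    # "sub ecx, imm8" sign-extends, so the count is stored as the byte -N
    if not 1 <= nblocks <= 128:
        raise ValueError("payload must be 1..128 dwords for an 8-bit count")
    stub = (b"\x31\xc9\x83\xe9" + struct.pack("b", -nblocks)
            + b"\xe8\xff\xff\xff\xff\xc0\x5e\x81\x76\x0e" + struct.pack("<I", key)
            + b"\x83\xee\xfc\xe2\xf4")
    body = b"".join(
        struct.pack("<I", struct.unpack("<I", payload[i:i + 4])[0] ^ key)
        for i in range(0, len(payload), 4))
    return stub + body


def decode(blob: bytes):
    """Locate the stub anywhere in blob, read count and key from it and XOR the
    body back. Returns (stub_offset, key, decoded_bytes) or None if no stub."""
    m = STUB_RE.search(blob)
    if not m:
        return None
    nblocks = -struct.unpack("b", m.group(1))[0]
    key = struct.unpack("<I", m.group(2))[0]
    enc = blob[m.end():m.end() + 4 * nblocks]
    if len(enc) != 4 * nblocks:
        raise ValueError("encoded body is truncated")
    dec = b"".join(
        struct.pack("<I", struct.unpack("<I", enc[i:i + 4])[0] ^ key)
        for i in range(0, len(enc), 4))
    return m.start(), key, dec


def demo():
    """Round-trip the constructed payload with junk on both sides of the stub."""
    blob = b"\x00" * 16 + encode(SAMPLE_PAYLOAD, SAMPLE_KEY) + b"\xff" * 8
    return decode(blob)


if __name__ == "__main__":
    off, key, dec = demo()
    print(f"stub at offset {off}, key 0x{key:08x}, decoded: {dec!r}")
```

Run against a dumped buffer rather than the packed file: on this sample the stub is only reachable after UPX unpacking, so point `decode` at a memory dump or the unpacked image. A match yields the key and the decoded first-stage bytes, which is what you want to feed the next step of analysis (stager type, callback address).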

Targets

    • Target

      2647cac2fdf6f73ccf10caeda92b594f_JaffaCakes118

    • MetaSploit

      Detected a malicious payload belonging to the Metasploit Framework, most likely generated with msfvenom or a similar tool.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
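
The UPX signature above fires on the packer's fingerprints in the PE file. The most visible ones are the section names (UPX0/UPX1), an empty first section that the unpacked image is decompressed into at run time, and the "UPX!" magic that the packer writes after the section table; a modified UPX build typically renames the sections, so a check that relies on names alone misses it. The block below is an added example by the editor, not the sandbox's signature logic: a dependency-free walk of the PE section table that reports those three indicators. The PE images it tests against are constructed in memory and are not the sample.

```python
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b".UPX0", b".UPX1"}


def pe_sections(data: bytes):
    """Yield (name, virtual_size, virtual_address, raw_size, raw_ptr) per section."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                                      # IMAGE_FILE_HEADER
    nsec = struct.unpack_from("<H", data, coff + 2)[0]       # NumberOfSections
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]  # SizeOfOptionalHeader
    table = coff + 20 + opt_size                             # first IMAGE_SECTION_HEADER
    for i in range(nsec):
        off = table + 40 * i
        name = data[off:off + 8].rstrip(b"\0")
        vsize, vaddr, rsize, rptr = struct.unpack_from("<IIII", data, off + 8)
        yield name, vsize, vaddr, rsize, rptr


def upx_indicators(data: bytes) -> dict:
    """Return the individual UPX indicators plus an overall verdict."""
    secs = list(pe_sections(data))
    names = [s[0] for s in secs]
    hits = {
        "upx_section_names": [n.decode("latin-1") for n in names if n in UPX_SECTION_NAMES],
        # UPX0 has virtual size but no raw data: the unpacker fills it at run time
        "empty_first_section": bool(secs) and secs[0][3] == 0 and secs[0][1] > 0,
        "upx_marker": b"UPX!" in data,
    }
    # renamed sections (modified UPX) are still caught by marker + empty section
    hits["likely_upx"] = bool(hits["upx_section_names"]) or (
        hits["upx_marker"] and hits["empty_first_section"])
    return hits


def build_pe(section_names, raw_sizes, trailer=b"") -> bytes:
    """Construct a minimal PE32 image for testing (constructed data, not the sample)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt = b"\0" * 0xE0  # optional header contents are irrelevant to this check
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, len(opt), 0x102)
    table = b""
    for name, rsize in zip(section_names, raw_sizes):
        table += name.ljust(8, b"\0")
        table += struct.pack("<IIII", 0x1000, 0x1000, rsize, 0x400 if rsize else 0)
        table += b"\0" * 16
    return dos + b"PE\0\0" + coff + opt + table + trailer


if __name__ == "__main__":
    packed = build_pe([b"UPX0", b"UPX1", b".rsrc"], [0, 0x2000, 0x200], b"UPX!")
    renamed = build_pe([b".a", b".b"], [0, 0x2000], b"UPX!")
    plain = build_pe([b".text", b".data"], [0x400, 0x200])
    for label, img in (("packed", packed), ("renamed", renamed), ("plain", plain)):
        print(label, upx_indicators(img))
```

On a real file, read it as bytes and pass it to `upx_indicators`; a positive verdict means the Metasploit stub from the config section will not be visible until the image is unpacked (`upx -d`, or a dump taken after the unpacker has run).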

MITRE ATT&CK Enterprise v15

Tasks