General

  • Target

    2597fef3521a6e95b68b17de972898cb_JaffaCakes118

  • Size

    485KB

  • Sample

    240704-vgztqszbrm

  • MD5

    2597fef3521a6e95b68b17de972898cb

  • SHA1

    b360e70b65ba38aba1b754221c820487bb0c2338

  • SHA256

    0e0fdd23417c75d5be7d7b3ffc60231253412cdf740a1ec40fe7e5cac95ab4da

  • SHA512

    e659ed62f6fe81cb22e0d77fc9a3dea6a616ddf2f464843e52acf1552ecd6259b6aa3f37c526fab0a03697eaf72f820418a9ee6c94de0ba16a0cdaa66b7c8bfe

  • SSDEEP

    12288:7ReCXbFcHAc9r5pmcrIW+61dTdxGmnOY/7:48FSJDm7fMdTH75/7

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Targets

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
