General

  • Target

    25aee5485680831d3ac9cd91c0a50fc1_JaffaCakes118

  • Size

    215KB

  • Sample

    240704-we78rstand

  • MD5

    25aee5485680831d3ac9cd91c0a50fc1

  • SHA1

    46a70a31bef6c91505ae33d8f0cf7fb08081d1af

  • SHA256

    d93e3907bcd495ba5bb17ec716b842ee984f3f6455f666163035583079fcdff1

  • SHA512

    32f2fc7242ba1478eaaea424d5ec456b8637b5e0bfe792e26f26ef35c2c5558b3687ab49477db38100da431ae02e03cb9633381c2b27fe257097df250e210ee6

  • SSDEEP

    6144:V6IgzziaycEA8PA+KGS5CdayPdUbHZzkqEvQIcOujsgu50:VMzz8ciEGSIayC5wqXIcOujsG

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Targets

    • Target

      25aee5485680831d3ac9cd91c0a50fc1_JaffaCakes118

    • Size

      215KB

    • MD5

      25aee5485680831d3ac9cd91c0a50fc1

    • SHA1

      46a70a31bef6c91505ae33d8f0cf7fb08081d1af

    • SHA256

      d93e3907bcd495ba5bb17ec716b842ee984f3f6455f666163035583079fcdff1

    • SHA512

      32f2fc7242ba1478eaaea424d5ec456b8637b5e0bfe792e26f26ef35c2c5558b3687ab49477db38100da431ae02e03cb9633381c2b27fe257097df250e210ee6

    • SSDEEP

      6144:V6IgzziaycEA8PA+KGS5CdayPdUbHZzkqEvQIcOujsgu50:VMzz8ciEGSIayC5wqXIcOujsG

    • MetaSploit

      Detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or a similar tool. The extracted config names the x86 encoder fnstenv_mov, i.e. the payload is wrapped in an fnstenv GetPC stub plus a dword XOR loop; the XOR key sits in plaintext inside that stub.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
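The fnstenv_mov family tag above is the one concrete, verifiable detail in this report, so here is a worked triage script for it. This is an added example, not code from the sandbox report and not Metasploit's own encoder source. It assumes the stub layout the author recalls for msf's x86/fnstenv_mov decoder (an ecx count load, then `fldz; fnstenv [esp-0xc]; pop r32; xor dword [r32+disp8], imm32; sub r32, -4; loop`), and it assumes the decoded payload is a Metasploit x86 Windows stager whose first bytes are `cld; call ...; pushad; mov ebp, esp`. The blob it runs on is constructed inline (hypothetical key, hypothetical payload bytes), not bytes taken from the sample hashed above; on the real file, run `find_getpc_stubs` over the file contents and treat offsets that do not parse with `parse_fnstenv_mov_stub` as leads to inspect by hand rather than as misses.

```python
"""Find an fnstenv GetPC XOR decoder stub in a blob, pull the key out of it, decode.

Added example (not from the report or Metasploit). Stub layout is an assumption
based on msf's x86/fnstenv_mov encoder as the author recalls it; verify on real data.
"""
import re
import struct

# x87 no-operand instructions that update the FPU instruction pointer (FIP);
# encoders put one of these right before fnstenv so the saved FIP is a known address.
FPU_LAST_INSN = {0xe8: "fld1", 0xe9: "fldl2t", 0xea: "fldl2e", 0xeb: "fldpi",
                 0xec: "fldlg2", 0xed: "fldln2", 0xee: "fldz", 0xfe: "fsin", 0xff: "fcos"}
REGS = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]   # pop r32 = 0x58 + n

# fpu insn ; fnstenv [esp-0xc] ; pop r32
# fnstenv writes a 28-byte env whose FIP field is at +12, so storing at esp-12 puts
# FIP exactly at [esp] and the pop yields the address of the x87 instruction.
GETPC = re.compile(rb"\xd9(?P<fpu>[\xe8-\xee\xfe\xff])\xd9\x74\x24\xf4(?P<pop>[\x58-\x5f])")

# cld; call rel32; pushad; mov ebp,esp -- prologue of msf x86 Windows stagers (assumption)
MSF_X86_PROLOGUE = re.compile(rb"\xfc\xe8.\x00\x00\x00\x60\x89\xe5", re.DOTALL)


def find_getpc_stubs(blob):
    """Return [(offset_of_x87_insn, fpu_mnemonic, pop_register)] for every GetPC core."""
    return [(m.start(), FPU_LAST_INSN[m.group("fpu")[0]], REGS[m.group("pop")[0] - 0x58])
            for m in GETPC.finditer(blob)]


def parse_fnstenv_mov_stub(blob, off):
    """Parse the xor loop following the GetPC core at `off`; None if the shape differs."""
    m = GETPC.match(blob, off)
    if not m or len(blob) < m.end() + 12:
        return None
    r = m.group("pop")[0] - 0x58
    if r == 4:                      # pop esp would need a SIB-form xor; not this stub
        return None
    p = m.end()
    # 81 /6 ib  xor dword [r32+disp8], imm32 -> modrm = mod 01 | reg 6 | rm r
    if blob[p] != 0x81 or blob[p + 1] != (0x70 | r):
        return None
    disp8, key = blob[p + 2], blob[p + 3:p + 7]
    p += 7
    # 83 /5 ib  sub r32, -4 (sign-extended 0xfc) -> modrm = mod 11 | reg 5 | rm r
    if blob[p:p + 3] != bytes([0x83, 0xe8 | r, 0xfc]):
        return None
    p += 3
    if blob[p:p + 2] != b"\xe2\xf4":    # loop -12: back to the xor
        return None
    # The popped register holds the address of the x87 insn, so the first dword the
    # loop touches is at off + disp8 (for msf, 0x13 = one byte past the loop insn).
    ndwords = None
    if off >= 5 and blob[off - 5] == 0xb9:          # mov ecx, imm32 directly before
        ndwords = struct.unpack_from("<I", blob, off - 4)[0]
    return {"reg": REGS[r], "key": key, "data_off": off + disp8, "ndwords": ndwords}


def xor_decode(blob, stub):
    """Apply the recovered 4-byte key, little-endian dword at a time, from data_off."""
    start = stub["data_off"]
    end = len(blob) if stub["ndwords"] is None else min(len(blob), start + 4 * stub["ndwords"])
    return bytes(b ^ stub["key"][i % 4] for i, b in enumerate(blob[start:end]))


def looks_like_msf_stager(decoded):
    return MSF_X86_PROLOGUE.match(decoded) is not None


def build_sample(key=b"\xde\xad\xbe\xef"):
    """Constructed blob: header junk, count load, stub, encoded fake stager, trailing junk."""
    payload = (b"\xfc\xe8\x82\x00\x00\x00\x60\x89\xe5\x31\xc0\x64\x8b\x50\x30"  # fake prologue
               + b"\x90" * 9)                                                    # pad to 24
    enc = bytes(b ^ key[i % 4] for i, b in enumerate(payload))
    stub = (b"\xb9" + struct.pack("<I", len(payload) // 4)   # mov ecx, ndwords
            + b"\xd9\xee"                                    # fldz
            + b"\xd9\x74\x24\xf4"                            # fnstenv [esp-0xc]
            + b"\x5b"                                        # pop ebx
            + b"\x81\x73\x13" + key                          # xor dword [ebx+0x13], key
            + b"\x83\xeb\xfc"                                # sub ebx, -4
            + b"\xe2\xf4")                                   # loop
    return b"MZ" + b"\x00" * 30 + stub + enc + b"\xcc" * 8


if __name__ == "__main__":
    blob = build_sample()
    for off, fpu, reg in find_getpc_stubs(blob):
        stub = parse_fnstenv_mov_stub(blob, off)
        print(f"GetPC at {off:#x}: {fpu}; pop {reg}; stub={stub}")
        if stub:
            dec = xor_decode(blob, stub)
            print("decoded:", dec.hex(), "msf stager prologue:", looks_like_msf_stager(dec))
```

Two caveats worth keeping in mind when pointing this at the real file: the count load before `fldz` is emitted in badchar-avoiding variants (not always `mov ecx, imm32`), which is why `ndwords` may come back `None` and the decoder then runs to end of blob; and a hit from `find_getpc_stubs` that fails `parse_fnstenv_mov_stub` is still interesting, since other encoders (and hand-written shellcode) use the same fnstenv GetPC core with a different loop after it.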

MITRE ATT&CK Matrix

Tasks