General

  • Target

    26cf2e3331c449ce00052580b9edc486_JaffaCakes118

  • Size

    132KB

  • Sample

    240705-k5nfhaybkc

  • MD5

    26cf2e3331c449ce00052580b9edc486

  • SHA1

    ec7102fd563a2c27da29b1818d5bcf269fb57314

  • SHA256

    660fd3686ae8931dc161cafa764e73a19eb7f6805aadaa6a42de281bf9d730a6

  • SHA512

    692f33c5d347557640c1780c3e476665a3d9920e56e95ee9eda27ba4393d3ba5533338abc64cf90be822b600f5955d46b1d99040fcb7cb0e0ddccd5fd06ea671

  • SSDEEP

    1536:B8oEQMz0ID9hobMPgllEvxLaWc4gvYGcGSzd5BbYoQLcEXKO5x7SEP9fSEhKxYHd:F3tIZhobMgEvxLaaGuz/OKmNJP9ZR7a

Malware Config

Extracted

  • Family

    metasploit

  • Version

    encoder/call4_dword_xor

Targets

    • MetaSploit

      Detected a malicious payload belonging to the Metasploit Framework, likely generated with msfvenom or a similar tool.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks