General

  • Target

    29731285b48fd6b1e8c6f9ee9327fbb4_JaffaCakes118

  • Size

    162KB

  • Sample

    240706-2jhfssxcmh

  • MD5

    29731285b48fd6b1e8c6f9ee9327fbb4

  • SHA1

    c2e2cdcf73ca785c138477ccf82c05a78a021398

  • SHA256

    6940be58cc50cddb8fcae2f5b33b3c0116c14915d960444ceaa5064301a32aa6

  • SHA512

    d1360358e84b36f2424ceb1e2441c4ea730c87607581b53288096b642ac7fb33f119b9056b4cbd62afb1a25bb769e67d37ee57e7087a101e3071816d12074922

  • SSDEEP

    3072:QQZGSra1ZZYh8oEVyF01uFkC5JHteIsAI9QlXpbolry/3hCny1UwQQwQQwQQwQQa:QDS4IaSO1uFkC577NCny1R

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • Target

      29731285b48fd6b1e8c6f9ee9327fbb4_JaffaCakes118

    • Size

      162KB

    • MD5

      29731285b48fd6b1e8c6f9ee9327fbb4

    • SHA1

      c2e2cdcf73ca785c138477ccf82c05a78a021398

    • SHA256

      6940be58cc50cddb8fcae2f5b33b3c0116c14915d960444ceaa5064301a32aa6

    • SHA512

      d1360358e84b36f2424ceb1e2441c4ea730c87607581b53288096b642ac7fb33f119b9056b4cbd62afb1a25bb769e67d37ee57e7087a101e3071816d12074922

    • SSDEEP

      3072:QQZGSra1ZZYh8oEVyF01uFkC5JHteIsAI9QlXpbolry/3hCny1UwQQwQQwQQwQQa:QDS4IaSO1uFkC577NCny1R

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
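Worked example, added for this report and not code from the sandbox, the sample, or Metasploit: the Malware Config above names the x86 call4_dword_xor encoder, and the signature flags an msfvenom-style payload. That encoder's decoder stub is almost entirely constant, with a static 4-byte XOR key embedded in its `xor dword [esi+0xe], imm32` instruction, which is why a sandbox can both detect it statically and recover the payload without running the sample. The script below finds the stub, extracts the key, and XORs the payload that follows; it exercises itself on a constructed blob, not on bytes from this sample. The stub opcodes are as I recall them from Metasploit's modules/encoders/x86/call4_dword_xor.rb, so treat them as an assumption to verify against the module source; the `xor ecx,ecx ; sub ecx,imm8` counter setup is one of several forms the encoder can emit and the only one the script parses.

```python
"""Locate a Metasploit x86/call4_dword_xor decoder stub and unwrap the payload.

Assumed layout (verify against modules/encoders/x86/call4_dword_xor.rb):

    <set ecx = ceil(len/4)>   variable; simplest form 31 c9 83 e9 <imm8>
    e8 ff ff ff ff            call $+4   (execution lands on the last ff)
    ff c0                     inc eax    (the ff is shared with the call)
    5e                        pop esi    (esi -> the c0 byte)
    81 76 0e KK KK KK KK      xor dword [esi+0x0e], key  ; esi+0xe = payload
    83 ee fc                  sub esi, -4
    e2 f4                     loop back to the xor
    <payload, XORed dword-wise with the same static key>
"""
from typing import Optional

STUB_HEAD = bytes.fromhex("e8ffffffffc05e81760e")  # call/inc/pop/xor opcode+modrm+disp
STUB_TAIL = bytes.fromhex("83eefce2f4")            # sub esi,-4 ; loop
KEY_SIZE = 4
ECX_SETUP_PREFIX = bytes.fromhex("31c983e9")       # xor ecx,ecx ; sub ecx, imm8


def xor_dwords(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating 4-byte key (byte-wise == dword-wise, both LE)."""
    return bytes(b ^ key[i % KEY_SIZE] for i, b in enumerate(data))


def encode(payload: bytes, key: bytes) -> bytes:
    """Build a constructed sample in the encoder's layout (for testing only)."""
    padded = payload + b"\x90" * (-len(payload) % KEY_SIZE)  # pad to a dword
    count = len(padded) // KEY_SIZE
    assert 1 <= count <= 127, "imm8 counter form only covers small payloads"
    ecx_setup = ECX_SETUP_PREFIX + bytes([(-count) & 0xFF])  # sub ecx, -count
    return ecx_setup + STUB_HEAD + key + STUB_TAIL + xor_dwords(padded, key)


def find_stub(blob: bytes) -> int:
    """Offset of the 4-byte key inside blob, or -1 when no stub is present."""
    start = 0
    while True:
        i = blob.find(STUB_HEAD, start)
        if i < 0:
            return -1
        key_off = i + len(STUB_HEAD)
        tail_off = key_off + KEY_SIZE
        if blob[tail_off:tail_off + len(STUB_TAIL)] == STUB_TAIL:
            return key_off
        start = i + 1


def decode(blob: bytes) -> Optional[bytes]:
    """Decoded payload, or None if no call4_dword_xor stub is found.

    When the simple imm8 ECX setup precedes the stub, only ecx*4 bytes are
    decoded (all the stub itself would touch); otherwise everything after the
    stub is decoded and the caller must trim the trailing data.
    """
    key_off = find_stub(blob)
    if key_off < 0:
        return None
    key = blob[key_off:key_off + KEY_SIZE]
    stub_start = key_off - len(STUB_HEAD)
    body = blob[key_off + KEY_SIZE + len(STUB_TAIL):]
    if stub_start >= 5:
        setup = blob[stub_start - 5:stub_start]
        if setup[:4] == ECX_SETUP_PREFIX:
            count = (-setup[4]) & 0xFF        # sub ecx, -n  =>  n = -imm8 mod 256
            body = body[:count * KEY_SIZE]
    body = body[:len(body) - len(body) % KEY_SIZE]   # the loop only sees whole dwords
    return xor_dwords(body, key)


if __name__ == "__main__":
    # Constructed demo blob: junk, encoded fake payload, more junk.
    key = b"\x13\x37\xca\xfe"
    blob = b"\x00" * 3 + encode(b"calc.exe\x00", key) + b"\x41" * 16
    print("key at offset", find_stub(blob), "->", decode(blob))
```

The stub constants cover only the 32-bit call4_dword_xor module; shikata_ga_nai and the other polymorphic encoders change their stub and key per block and need emulation rather than a fixed-bytes match.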

MITRE ATT&CK Matrix

Tasks