General

  • Target: 297bc466a0c6ce45b1d8cf31807191ce_JaffaCakes118
  • Size: 84KB
  • Sample: 240706-2rq3xaxgja
  • MD5: 297bc466a0c6ce45b1d8cf31807191ce
  • SHA1: 6150faf2b60581aaffcc6ce18a0c0be21c68c35c
  • SHA256: c5602f2eead5efe95729db19a8fe964ea981cb70f1716177bba2369ea28a5841
  • SHA512: a3193a09baad52a3ea250b6c0d4344410a9e6babcbeb3cc6552ba9a4562c6ccd1f8686dc7f7881a88a00c9b0c8d021443295aad7308d701dadf452749003cf6f
  • SSDEEP: 1536:gz2vDSGLajorInCVPf0ZQbk4wtDqEc0oajbR8tUHK56BuY7d:prSJjorInCVkSbuqZnapaYs7YJ

Malware Config

Extracted

  • Family: metasploit
  • Version: encoder/call4_dword_xor

Targets

    • Target: 297bc466a0c6ce45b1d8cf31807191ce_JaffaCakes118 (hashes as listed under General above)

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Adds policy Run key to start application

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks