General

  • Target

    297d328be2ffbfaf58b141c26cb20cfa_JaffaCakes118

  • Size

    114KB

  • Sample

    240706-2sx8lsxgmh

  • MD5

    297d328be2ffbfaf58b141c26cb20cfa

  • SHA1

    e50e69255c75d52ed90e3d0b418c3466579fef55

  • SHA256

    f50018690b00bccef1a410698d03a3768e462bcc05bff2f4ed4efa5d7f0fb41a

  • SHA512

    f6cf3219a07f97b4a720cc480c068c59707d313e6399228f947a4566732a42c57914680b97cd2f3a89ed7558ff73c5d5bff55eac3fad23ed4f92e5008e29a0b8

  • SSDEEP

    1536:Rv9qZsQv4JgFpMTdYAdQH4kd3Eqd0oTHt9bJbn2wMUlnZGgSTe891kFUZgwTud:RwsiLMdQYI3E2jzlbn2jSGgSTZGU2d

Malware Config

Extracted

  • Family

    metasploit

  • Version

    encoder/call4_dword_xor

Targets

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks