General

  • Target

    28bbbd73d67f6a1e0de927ac8947225f_JaffaCakes118

  • Size

    488KB

  • Sample

    240706-tcz39swekf

  • MD5

    28bbbd73d67f6a1e0de927ac8947225f

  • SHA1

    f64fe7779c65324e022abfb963f8fe1e5285ee92

  • SHA256

    2650058f4859257c521cad3ade0ec0530fa265def927d71b454a4b54c805e12f

  • SHA512

    8ce8f2ec172278fd108faef0c3eed7e622934751449afa90ee6787ee9886a8e5a804b7ca4c7fc54bc653309aa8f3fec97188aab8bdf1d8fe647842944715c729

  • SSDEEP

    12288:nghlsJWOCKWde/wM3RsdNGYS3FtAgzCE6/z:nclsJToGwGRyNGYoSg2E6

Malware Config

Extracted

  • Family

    metasploit

  • Version

    encoder/fnstenv_mov

Targets

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Deletes itself

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks