General

  • Target: 28c6d47f39afedae687c7db814be28e1_JaffaCakes118
  • Size: 138KB
  • Sample: 240706-tm2pvathnq
  • MD5: 28c6d47f39afedae687c7db814be28e1
  • SHA1: c4a8d577aa6338434b986c228f6fb3a574f9af71
  • SHA256: fd8774e6ca646b147e411241305b879fd611f1a07a6bf2288c44bfe1de4a361e
  • SHA512: 4fb462700b0bc241700343887ce62fef2166aa2f158aacd79a601d43179dcf40b84443b584ed3e6b6438d52fbaf29200d80e6ddc633ed0f7a91589e8fd84ebab
  • SSDEEP: 3072:vWgvZ1lmgXGmb2sZyY5r+qTC1ITLhbY1w+DvMhCmbaezL:tvZ1wgllyYQqjTL5Y1JDdmb1z

Malware Config

Extracted

  • Family: metasploit
  • Version: encoder/call4_dword_xor

Targets

    • Target: 28c6d47f39afedae687c7db814be28e1_JaffaCakes118

    • MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks