General

  • Target

    28c821d3400fced8ddfbb953db0abd5f_JaffaCakes118

  • Size

    126KB

  • Sample

    240706-tn3crsthrr

  • MD5

    28c821d3400fced8ddfbb953db0abd5f

  • SHA1

    d19dfb0c707c354f524d2720f0cefe0cdd290e08

  • SHA256

    288e2e3103fee0ff4746eccd58ca18f38297e4d08a3a376f78a0031343b06a54

  • SHA512

    f5d22c9b034661cbcb6346fcc7ce11784fb1a86af64c43ef91c2bf7fef5aef116032b5097e0819e8bb2ec039083aeecc96bf52537e07f34b3ca418f2100b6341

  • SSDEEP

    1536:H4eZ7UrMw/bKUUXG+5cukGFVkRYi+8Gkfpsuxn6sjB0naN1EswaKuw8:H4MCKVXpqukCp8Ff9x6sjB0n81EZaKS

Malware Config

Extracted

  • Family

    metasploit

  • Version

    encoder/call4_dword_xor
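The extracted config names the Metasploit call4_dword_xor encoder. The block below is an added example written for this page, not code from the sample or from Metasploit: it locates the encoder's decoder stub in a blob, reads the 4-byte XOR key that the stub carries inline, and decodes the dword-XORed body. The stub signature (call $+4 / pop esi / xor dword [esi+0x0e]) and the assumption that the encoded body begins right after the `sub esi, -4 ; loop` tail are mine; the `encode_call4` helper and the `payload` bytes are constructed so the demo runs offline.

```python
import struct

# Bytes I assume mark the x86/call4_dword_xor decoder stub (assumption, from
# the encoder's well-known shape):
#   e8 ff ff ff ff      call $+4 (lands on its own last byte; ff c1 = inc ecx)
#   c1
#   5e                  pop esi  (esi now points just past the call)
#   81 76 0e K K K K    xor dword [esi+0x0e], key   <- key follows 81 76 0e
STUB_SIG = b"\xe8\xff\xff\xff\xff\xc1\x5e\x81\x76\x0e"
# sub esi,-4 ; loop  (assumed to follow the key and end the stub)
STUB_TAIL = b"\x83\xee\xfc\xe2\xf4"


def find_stub(buf):
    """Return (offset of signature, 4-byte key) or None if no stub is present."""
    idx = buf.find(STUB_SIG)
    if idx < 0:
        return None
    key_off = idx + len(STUB_SIG)
    key = buf[key_off:key_off + 4]
    if len(key) < 4:
        return None
    return idx, key


def xor_dwords(body, key):
    """XOR every aligned dword of body with key; a trailing <4-byte fragment is left as is.
    XOR is its own inverse, so this both encodes and decodes."""
    out = bytearray(body)
    end = len(body) - len(body) % 4
    for i in range(0, end, 4):
        out[i:i + 4] = bytes(a ^ b for a, b in zip(body[i:i + 4], key))
    return bytes(out)


def extract_payload(buf):
    """Recover the decoded body from a blob carrying the stub, or None."""
    hit = find_stub(buf)
    if hit is None:
        return None
    idx, key = hit
    body_off = idx + len(STUB_SIG) + 4 + len(STUB_TAIL)  # assumed body start
    return xor_dwords(buf[body_off:], key)


def encode_call4(payload, key):
    """Constructed stand-in for the encoder: prologue (xor ecx,ecx / sub ecx,-n),
    stub, key, tail, then the dword-XORed body padded with NOPs to 4 bytes."""
    n_dwords = (len(payload) + 3) // 4
    padded = payload + b"\x90" * (n_dwords * 4 - len(payload))
    prologue = b"\x31\xc9" + b"\x83\xe9" + struct.pack("b", -n_dwords)
    return prologue + STUB_SIG + key + STUB_TAIL + xor_dwords(padded, key)


if __name__ == "__main__":
    # Constructed payload bytes; not taken from the sample on this page.
    payload = b"\xfc\xe8\x82\x00\x00\x00\x60\x89\xe5\x31\xc0"
    blob = encode_call4(payload, b"\x11\x22\x33\x44")
    print("key:", find_stub(blob)[1].hex())
    print("decoded:", extract_payload(blob).hex())
```

A real sample usually wraps the stub in an EXE template, so run `find_stub` over the whole file (or a memory dump) rather than assuming the stub sits at offset 0; a hit on the signature plus a body that decodes to recognisable shellcode is a much stronger indicator than either alone.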

Targets

    • Target

      28c821d3400fced8ddfbb953db0abd5f_JaffaCakes118

    • Size

      126KB

    • MD5

      28c821d3400fced8ddfbb953db0abd5f

    • SHA1

      d19dfb0c707c354f524d2720f0cefe0cdd290e08

    • SHA256

      288e2e3103fee0ff4746eccd58ca18f38297e4d08a3a376f78a0031343b06a54

    • SHA512

      f5d22c9b034661cbcb6346fcc7ce11784fb1a86af64c43ef91c2bf7fef5aef116032b5097e0819e8bb2ec039083aeecc96bf52537e07f34b3ca418f2100b6341

    • SSDEEP

      1536:H4eZ7UrMw/bKUUXG+5cukGFVkRYi+8Gkfpsuxn6sjB0naN1EswaKuw8:H4MCKVXpqukCp8Ff9x6sjB0n81EZaKS

    • MetaSploit

      Detected a payload belonging to the Metasploit Framework (here wrapped in the call4_dword_xor encoder), most likely generated with msfvenom or a similar tool.

    • Adds policy Run key to start application

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
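The four behaviour signatures above are the kind of rule a sandbox derives from registry, file and API traces. The block below is an added example for this page, not the sandbox's own rule set: it replays constructed event records and emits the same four labels. The registry paths for the two Run-key signatures (the plain `CurrentVersion\Run` key and the `Policies\Explorer\Run` policy key), the "dropped then executed" pairing, and the CreateProcess(CREATE_SUSPENDED) / WriteProcessMemory / SetThreadContext ordering used for the hollowing heuristic are my assumptions about what each label means; the `SAMPLE_EVENTS` are constructed.

```python
import re
from collections import defaultdict

# Registry locations I take the two Run-key signatures to cover (assumption).
RUN_KEY = re.compile(r"\\CurrentVersion\\Run\\[^\\]+$", re.I)
POLICY_RUN_KEY = re.compile(r"\\CurrentVersion\\Policies\\Explorer\\Run\\[^\\]+$", re.I)
CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit for CreateProcess*

# Constructed trace, in the order a monitor would record it (not from the sample).
SAMPLE_EVENTS = [
    {"type": "file_write", "pid": 1337,
     "path": r"C:\Users\user\AppData\Roaming\update.exe"},
    {"type": "registry_set", "pid": 1337,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\update",
     "value": r"C:\Users\user\AppData\Roaming\update.exe"},
    {"type": "registry_set", "pid": 1337,
     "key": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\svc",
     "value": r"C:\Users\user\AppData\Roaming\update.exe"},
    {"type": "process_create", "pid": 1337, "child_pid": 2048,
     "image": r"C:\Users\user\AppData\Roaming\update.exe"},
    {"type": "api", "pid": 2048, "name": "CreateProcessW",
     "args": {"flags": CREATE_SUSPENDED}},
    {"type": "api", "pid": 2048, "name": "WriteProcessMemory"},
    {"type": "api", "pid": 2048, "name": "SetThreadContext"},
    {"type": "api", "pid": 2048, "name": "ResumeThread"},
]


def classify(events):
    """Return the sorted list of behaviour labels triggered by an event trace."""
    hits = set()
    dropped = set()              # lower-cased paths written by any monitored process
    seen = defaultdict(set)      # pid -> API milestones reached so far
    for ev in events:
        t = ev["type"]
        if t == "registry_set":
            key = ev["key"]
            if POLICY_RUN_KEY.search(key):
                hits.add("Adds policy Run key to start application")
            elif RUN_KEY.search(key):
                hits.add("Adds Run key to start application")
        elif t == "file_write":
            dropped.add(ev["path"].lower())
        elif t == "process_create":
            # Only an image this trace saw being written counts as "dropped".
            if ev["image"].lower() in dropped:
                hits.add("Executes dropped EXE")
        elif t == "api":
            marks = seen[ev["pid"]]
            name = ev["name"]
            flags = ev.get("args", {}).get("flags", 0)
            if name.startswith("CreateProcess") and flags & CREATE_SUSPENDED:
                marks.add("CreateProcess(suspended)")
            elif name == "SetThreadContext" and \
                    {"CreateProcess(suspended)", "WriteProcessMemory"} <= marks:
                # Suspended child + memory written into it + context rewrite:
                # the classic hollowing sequence, so the call is flagged.
                hits.add("Suspicious use of SetThreadContext")
            else:
                marks.add(name)
    return sorted(hits)


if __name__ == "__main__":
    for label in classify(SAMPLE_EVENTS):
        print("•", label)
```

The SetThreadContext rule deliberately requires the earlier milestones from the same process: debuggers and some legitimate loaders call SetThreadContext too, and flagging the bare API would drown the signal in noise.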

MITRE ATT&CK Enterprise v15

Tasks