General

  • Target

    29071ecdc32df793fff7a97014d43892_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240706-v7rk2szaqa

  • MD5

    29071ecdc32df793fff7a97014d43892

  • SHA1

    c7f66bb1df2f9c1637e9f7ce4e03798200451ead

  • SHA256

    0047e5737af475260535b230dc4951919ba3748e3ad1b41514805a8a68f4cbd3

  • SHA512

    4364644107eb4561352f8693083c2667487102c6c56d0267a026cf34a58eaa66ada34b7abf6b32a8832f921dbf8d42a40459cfc4bb9e98f04de6f53111b501de

  • SSDEEP

    12288:9Deq6XQ2xIjrwg8d+G6e2S5Est12EUEYO27NUvLFyImxAuT:9n5rwgxG6TSPGEU7VqvLFyIna

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • Target

      29071ecdc32df793fff7a97014d43892_JaffaCakes118

    • Size

      1.2MB

    • MD5

      29071ecdc32df793fff7a97014d43892

    • SHA1

      c7f66bb1df2f9c1637e9f7ce4e03798200451ead

    • SHA256

      0047e5737af475260535b230dc4951919ba3748e3ad1b41514805a8a68f4cbd3

    • SHA512

      4364644107eb4561352f8693083c2667487102c6c56d0267a026cf34a58eaa66ada34b7abf6b32a8832f921dbf8d42a40459cfc4bb9e98f04de6f53111b501de

    • SSDEEP

      12288:9Deq6XQ2xIjrwg8d+G6e2S5Est12EUEYO27NUvLFyImxAuT:9n5rwgxG6TSPGEU7VqvLFyIna

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Deletes itself

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks