General

  • Target

    290768080468426ca60b70c19c50865e_JaffaCakes118

  • Size

    4.5MB

  • Sample

    240706-v7w6jazaqd

  • MD5

    290768080468426ca60b70c19c50865e

  • SHA1

    d02fa1633b534ecec5837118ead0df66595f3707

  • SHA256

    9e2efe27d84bb94392d14224c550b9969c8a9198efb38069bf5a5625e53adcdb

  • SHA512

    1e51d09ccbedfad4e3ba852dc8d7179e423ddd987b04e1e41a747c090075e1baeb1a90bc271097dd32e4bb425c0f0121bb7962d10ef7886d1aea71dae129ac6e

  • SSDEEP

    98304:pYLX2uBXwyIX2Nsqgh0E20CSoOzveMRCKGcc8O1A0OBGybe1yTD7NvL:ImxX2kZ2F5bJxjA0yQC7VL

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov
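The config extractor reports only the encoder name. To turn that into the plaintext payload you need to locate the decoder stub and undo its XOR. The Python below is an added example, not code from the report, from the sandbox or from Metasploit: the 22-byte stub layout it matches (push count / pop ecx / fldz / fnstenv [esp-0xc] / pop ebx / xor dword [ebx+0x13], key / sub ebx,-4 / loop) and the fixed 4-byte XOR key are how I read the public x86/fnstenv_mov encoder and should be checked against your own msfvenom output; the sample blob, the key and the `encode_fnstenv_mov` helper that builds it are constructed here for the demonstration.

```python
import re

# Layout of the x86/fnstenv_mov decoder stub as I read the public Metasploit
# encoder (assumption; diff the bytes against a real msfvenom sample):
#   6a CC              push  CC                 ; CC = number of encoded dwords
#   59                 pop   ecx
#   d9 ee              fldz
#   d9 74 24 f4        fnstenv [esp-0xc]        ; GetPC: saved EIP = address of fldz
#   5b                 pop   ebx                ; ebx -> fldz
#   81 73 13 KKKKKKKK  xor   dword [ebx+0x13], KEY  ; fldz+0x13 = first encoded dword
#   83 eb fc           sub   ebx, -4
#   e2 f4              loop  <xor>
STUB_LEN = 22
STUB_RE = re.compile(
    rb"\x6a(?P<count>.)\x59\xd9\xee\xd9\x74\x24\xf4\x5b"
    rb"\x81\x73\x13(?P<key>.{4})\x83\xeb\xfc\xe2\xf4",
    re.DOTALL,
)


def xor_dwords(data: bytes, key: bytes) -> bytes:
    """XOR data (length a multiple of 4) with a fixed 4-byte key, dword by dword."""
    if len(key) != 4 or len(data) % 4:
        raise ValueError("need a 4-byte key and dword-aligned data")
    return bytes(b ^ key[i % 4] for i, b in enumerate(data))


def find_stubs(blob: bytes):
    """Yield (offset, dword_count, key) for each fnstenv_mov stub in blob."""
    for m in STUB_RE.finditer(blob):
        yield m.start(), m.group("count")[0], m.group("key")


def decode_fnstenv_mov(blob: bytes):
    """Return [(stub_offset, key, decoded_bytes)] for every stub whose encoded
    body is fully present. `push imm8` is sign-extended, so this stub shape
    covers at most 127 dwords (508 bytes); a larger count encoding is not handled."""
    out = []
    for off, count, key in find_stubs(blob):
        if count == 0 or count > 127:
            continue                      # ecx=0 would loop 2**32 times; >127 is negative
        start = off + STUB_LEN
        enc = blob[start:start + 4 * count]
        if len(enc) < 4 * count:
            continue                      # truncated capture, nothing to decode
        out.append((off, key, xor_dwords(enc, key)))
    return out


def encode_fnstenv_mov(payload: bytes, key: bytes) -> bytes:
    """Build stub + XOR-encoded body the way the encoder does (used only to
    construct the sample below; pads to a dword boundary with NULs)."""
    padded = payload + b"\x00" * (-len(payload) % 4)
    count = len(padded) // 4
    if not 1 <= count <= 127:
        raise ValueError("payload must be 1..508 bytes for the imm8 stub")
    stub = (b"\x6a" + bytes([count]) + b"\x59\xd9\xee\xd9\x74\x24\xf4\x5b"
            + b"\x81\x73\x13" + key + b"\x83\xeb\xfc\xe2\xf4")
    return stub + xor_dwords(padded, key)


# Constructed sample: a harmless marker string stands in for real shellcode,
# wrapped in filler so the stub sits at a non-zero offset.
SAMPLE_PAYLOAD = b"CONSTRUCTED SAMPLE, NOT SHELLCODE"
SAMPLE_KEY = b"\x41\x42\x43\x44"
SAMPLE_BLOB = b"\x90" * 7 + encode_fnstenv_mov(SAMPLE_PAYLOAD, SAMPLE_KEY) + b"\xcc" * 5

if __name__ == "__main__":
    for off, key, dec in decode_fnstenv_mov(SAMPLE_BLOB):
        print(f"stub at {off:#x}, key {key.hex()}, decoded: {dec!r}")
```

Run it against a memory dump or the extracted payload rather than the packed 4.5MB file: the stub only appears in clear once the outer packer layers have unpacked it. A truncated match is skipped rather than partially decoded, because the loop count is the only length information the stub carries.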

Targets

    • Target

      290768080468426ca60b70c19c50865e_JaffaCakes118

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Modifies security service

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX.

    • Drops file in System32 directory
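Several of the signatures above (Themida packer, UPX packed file, Identifies Wine through registry keys, Checks computer location settings) can be reproduced statically before any detonation. The Python below is an added example, not the sandbox's own signature logic: it parses the PE section table and looks for the section names and strings the packers and checks leave behind. The indicator list is an assumption drawn from public documentation (UPX0/UPX1/UPX2 sections and a "UPX!" marker for UPX, a ".themida" section for Themida, HKCU\Software\Wine for Wine, HKCU\Control Panel\International\Geo for the configured country), so a repacked or renamed binary will evade it; the two sample PE images are constructed inline by `build_sample_pe` purely to exercise the parser.

```python
import struct

# Indicator tables (assumption: default names, see the lead-in).
PACKER_SECTIONS = {b"UPX0": "UPX", b"UPX1": "UPX", b"UPX2": "UPX",
                   b".themida": "Themida"}
REGISTRY_STRINGS = {
    b"Software\\Wine": "Identifies Wine through registry keys",
    b"Control Panel\\International\\Geo": "Checks computer location settings",
}


def pe_section_names(data: bytes):
    """Walk DOS header -> PE signature -> COFF header -> section table and
    return the section names; returns [] for anything that is not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    (nsections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size          # 4-byte signature + 20-byte COFF header
    names = []
    for i in range(nsections):
        hdr = data[table + 40 * i: table + 40 * (i + 1)]
        if len(hdr) < 40:
            break                               # truncated section table
        names.append(hdr[:8].rstrip(b"\0"))
    return names


def triage(data: bytes):
    """Return {'packers': [...], 'upx_marker': bool, 'indicators': [...]}.
    Registry paths are searched as ASCII and as UTF-16LE, since Win32 code
    usually stores them as wide strings."""
    packers = sorted({PACKER_SECTIONS[n] for n in pe_section_names(data)
                      if n in PACKER_SECTIONS})
    hits = set()
    for needle, label in REGISTRY_STRINGS.items():
        if needle in data or needle.decode().encode("utf-16-le") in data:
            hits.add(label)
    return {"packers": packers, "upx_marker": b"UPX!" in data,
            "indicators": sorted(hits)}


def build_sample_pe(section_names, body: bytes) -> bytes:
    """Constructed minimal PE (valid DOS/COFF headers, no optional header,
    zeroed section fields) used only to exercise the parser above."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)                 # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    sections = b"".join(n.ljust(8, b"\0") + struct.pack("<IIIIIIHHI", *([0] * 8), 0x60000020)
                        for n in section_names)
    return dos + coff + sections + body


# Constructed samples: a "UPX-packed" image that also embeds both registry
# paths (Wine as ASCII, Geo as UTF-16LE), and a "Themida" image.
SAMPLE_UPX = build_sample_pe(
    [b"UPX0", b"UPX1", b".rsrc"],
    b"UPX!" + b"\0" * 8 + b"Software\\Wine\0"
    + "Control Panel\\International\\Geo".encode("utf-16-le") + b"\0\0")
SAMPLE_THEMIDA = build_sample_pe([b".themida", b".rsrc"], b"\0" * 16)

if __name__ == "__main__":
    for name, blob in (("upx", SAMPLE_UPX), ("themida", SAMPLE_THEMIDA)):
        print(name, triage(blob))
```

On a real sample like this one, run `triage` on the file as dropped and again on the memory-dumped image: a Themida outer layer hides the strings of whatever it wraps, so the registry-path hits usually only show up in the unpacked copy, while the section names are visible in the file on disk.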

MITRE ATT&CK Enterprise v15

Tasks