General

  • Target

    28ec2e0d265ccb8559a54043b3f4f5b7_JaffaCakes118

  • Size

    6.3MB

  • Sample

    240706-vhvw6sybmg

  • MD5

    28ec2e0d265ccb8559a54043b3f4f5b7

  • SHA1

    6306ac92d6335e3f3e961055cb71989b9b2f0a9b

  • SHA256

    0d6f9ce9f73a60add174f4490df1741be6cc710e2d38ea1cebea9da69382a62d

  • SHA512

    9d7d0290836a7beeb075fb422e4030631b1f212d974f68777291ab2e323b08ccc66b5c11293e2bf42ea6656c7802e5902d00032a92ab6a5966dce2c0220a9af6

  • SSDEEP

    768:rLe/oQbI8MykvfC9TXiPw7pQb1PLBVCs56ZfNUs+MXA:rCzUykvGpAVBhyMMXA

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • Target

      28ec2e0d265ccb8559a54043b3f4f5b7_JaffaCakes118

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Drops file in Drivers directory

    • Deletes itself

    • Executes dropped EXE

    • Drops file in System32 directory
