General

  • Target

    28f438993e344ab06d47ecd01b3186d4_JaffaCakes118

  • Size

    453KB

  • Sample

    240706-vqb42awdrn

  • MD5

    28f438993e344ab06d47ecd01b3186d4

  • SHA1

    79e5f9c4010ec4763b1ca29ad5d0bc013e94abf1

  • SHA256

    56e980592964c7fb643f82b604f17310717592f4adfcbfc3b054de240955e4b8

  • SHA512

    18f1d22c339bb55712b3ddadfb6401e959074984a4e2cc23c4d225888d45c3cf821355c1fc0fec0173a5abc0751a367f0b7bc1b34794fbe6da6003bf442b40d9

  • SSDEEP

    12288:ZQPA6krEJBUWNtDjLcnKNalKv1V0pjq1GBs:ZQiWNtD/qzAP0Nq1

Malware Config

Extracted

  • Family

    metasploit

  • Version

    encoder/call4_dword_xor

Targets

    • Target

      28f438993e344ab06d47ecd01b3186d4_JaffaCakes118

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15