General

  • Target

    290d3953a9628371833353c2219dffc7_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240706-wbt7qszcmd

  • MD5

    290d3953a9628371833353c2219dffc7

  • SHA1

    d01a00409b72cf49379321b614691769613935c1

  • SHA256

    e19d6dec05cb23c6ca580512d116f69bd98885ab236f150338b4098ac5cf4b81

  • SHA512

    553b2f90777c5fedabf8c124cb7238737e43bb190b90c818ac35989026b0d3819fdd23ff83c54defb4db7fb69d53effdfc72a09467279a13e400d1f2583efd21

  • SSDEEP

    12288:kpb/ir7hhARq3/T4GHQSRvJ/ulYPCz+HavEwEQFrN:kt/ir7bAK/ZFMlY8+HN9w

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Targets

    • Target

      290d3953a9628371833353c2219dffc7_JaffaCakes118

    • Size

      1.1MB

    • MD5

      290d3953a9628371833353c2219dffc7

    • SHA1

      d01a00409b72cf49379321b614691769613935c1

    • SHA256

      e19d6dec05cb23c6ca580512d116f69bd98885ab236f150338b4098ac5cf4b81

    • SHA512

      553b2f90777c5fedabf8c124cb7238737e43bb190b90c818ac35989026b0d3819fdd23ff83c54defb4db7fb69d53effdfc72a09467279a13e400d1f2583efd21

    • SSDEEP

      12288:kpb/ir7hhARq3/T4GHQSRvJ/ulYPCz+HavEwEQFrN:kt/ir7bAK/ZFMlY8+HN9w

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks