General

  • Target

    294ab5b0fa70267a4acc6c65d9b16988_JaffaCakes118

  • Size

    214KB

  • Sample

    240706-xrrxzs1anq

  • MD5

    294ab5b0fa70267a4acc6c65d9b16988

  • SHA1

    5b2052251fbdbcf27d332c82283a47a52bd20b62

  • SHA256

    b59dc23a9ddfe1d442a553dcdf0213490326ddd695b06334827fe82c2ed0ed06

  • SHA512

    ef7b5e7d9354b6c448ca4432063d60d58053f7958b7040f18dc9404f6b080f114dbf12fa4f472bad7bd326444a14d49efa88feff463e99801c17413a6e3b1def

  • SSDEEP

    6144:SH2eDEnF52e7Kag+l8PiVNpkMKPdnB1N/FjzhNf:SWOE6e7fgvENprK3LFjLf

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • Target

      294ab5b0fa70267a4acc6c65d9b16988_JaffaCakes118

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
