General

  • Target

    2a1368c24b605f9024bec903c2e90629_JaffaCakes118

  • Size

    164KB

  • Sample

    240707-2xypyazhmq

  • MD5

    2a1368c24b605f9024bec903c2e90629

  • SHA1

    a00053184c9640ae4d5c0a24fb489a2287dc3f3a

  • SHA256

    e1bb40bfe04bbfadedd438e1f62e1927914258718c74029e90a4f67244154f53

  • SHA512

    04fb62eadb8ee4e8a18ad4e759337deaab4e69659c7d44c16e51f6052951d659908c2b55c4f6555c7a06dba172b493f26e716eed6fc61488e64039ecd16c306f

  • SSDEEP

    3072:GRMBGFjto6I901/O1LGW3/wOb61r19C3Sj2zky4xI2vqGMZJ:TO1WUWvKJm3SuL4x5vqVf

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • Target

      2a1368c24b605f9024bec903c2e90629_JaffaCakes118

    • Size

      164KB

    • MD5

      2a1368c24b605f9024bec903c2e90629

    • SHA1

      a00053184c9640ae4d5c0a24fb489a2287dc3f3a

    • SHA256

      e1bb40bfe04bbfadedd438e1f62e1927914258718c74029e90a4f67244154f53

    • SHA512

      04fb62eadb8ee4e8a18ad4e759337deaab4e69659c7d44c16e51f6052951d659908c2b55c4f6555c7a06dba172b493f26e716eed6fc61488e64039ecd16c306f

    • SSDEEP

      3072:GRMBGFjto6I901/O1LGW3/wOb61r19C3Sj2zky4xI2vqGMZJ:TO1WUWvKJm3SuL4x5vqVf

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks