General

  • Target: 63188e2db866d247a1e79dd5db563a4c_JaffaCakes118
  • Size: 367KB
  • Sample: 240722-nvwwnsward
  • MD5: 63188e2db866d247a1e79dd5db563a4c
  • SHA1: 8b3b0ec3c38c90e9cd6eea80b62973d0d585085f
  • SHA256: eed481b68d471d71badc894c79a6eadf0340e6776443a58399329c9f922c1f71
  • SHA512: 50a7c90b936f2d793b46a51124a39c21572142fba9b8b0f0c68c97177483c9a34c6d557ff9cff311126d36489cb10307f8e87cde7208fe941b90b3210cb92c5c
  • SSDEEP: 6144:Xhz8GHqNBtJmomI7l+hICwCW3hlTMo3MTveKyrShquWN89bYgXkJ09c3zTCmr:B8GHiJ4hWHQo30verKenJ0lmr

Malware Config

Extracted

  • Family: metasploit
  • Version: encoder/fnstenv_mov

Targets

    • Target: 63188e2db866d247a1e79dd5db563a4c_JaffaCakes118
    • Size: 367KB
    • MD5: 63188e2db866d247a1e79dd5db563a4c
    • SHA1: 8b3b0ec3c38c90e9cd6eea80b62973d0d585085f
    • SHA256: eed481b68d471d71badc894c79a6eadf0340e6776443a58399329c9f922c1f71
    • SHA512: 50a7c90b936f2d793b46a51124a39c21572142fba9b8b0f0c68c97177483c9a34c6d557ff9cff311126d36489cb10307f8e87cde7208fe941b90b3210cb92c5c
    • SSDEEP: 6144:Xhz8GHqNBtJmomI7l+hICwCW3hlTMo3MTveKyrShquWN89bYgXkJ09c3zTCmr:B8GHiJ4hWHQo30verKenJ0lmr
    • MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Matrix

Tasks