General

  • Target

    63538371e51e0d5637c7daaae47234a3_JaffaCakes118

  • Size

    73KB

  • Sample

    240722-qla9qaygmd

  • MD5

    63538371e51e0d5637c7daaae47234a3

  • SHA1

    9d48a76ee96733405506f7da0c5df16394c3c676

  • SHA256

    a5f73c22e2d6f2c6e89f27a7b095077e81ca97876809210f369935a905fd0df7

  • SHA512

    03f07a4ee144b8a4a42679788de4e06707404bcb699ddc0dd189e72b36e87a9942679796cad1902ed6d46c3827517da9b04551ed9eafef4536148479b0c49e0c

  • SSDEEP

    1536:35sc375Ab4EBanICQFuIiyd6gWHpkeaPRAER:3p5wfCQF92HpkeWp

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Modifies firewall policy service

    • Modifies security service

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks