General

  • Target

    6395cc8f9961db944acc9d801f58ea95_JaffaCakes118

  • Size

    48KB

  • Sample

    240722-r3rhpssfre

  • MD5

    6395cc8f9961db944acc9d801f58ea95

  • SHA1

    8e17cc6ad9381c33ec7692ed7bcc8dd2a3edd5e8

  • SHA256

    6f099129d9adf4016d637e3d92e0e3818e789213a6fcc08c77300f806a3a423c

  • SHA512

    1ac30b27a04a4fc22f69d5d82bd1db56d36c5646d333dc3e621e9915a8b87c343b708be2d59b7ab2605842122a56fca9439caac9814b1a0e557ca25e166bbabd

  • SSDEEP

    1536:q0RlZC8dE3cYHjS+xfDWXrFWcfeCjSOp:q0RlJR+x7W3WCmOp

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • Target

      6395cc8f9961db944acc9d801f58ea95_JaffaCakes118


    • MetaSploit

      Detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or a similar tool. The extracted config names the x86 encoder call4_dword_xor, a single-pass decoder that XORs the payload dword by dword with one fixed 4-byte key.

    • Adds policy Run key to start application

    • Executes dropped EXE

    • Adds Run key to start application
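The encoder named in the extracted config, call4_dword_xor, leaves a short, constant decoder stub in front of the encoded payload, which is why sandboxes and YARA rules can flag it by bytes alone. The following is an added example, not part of this report or of the Metasploit project: it locates that stub in a buffer, reads the 4-byte key and the ecx count out of it, and emulates the decoding loop. The stub layout is my recollection of the public Metasploit encoder source (an assumption; the report does not dump this sample's bytes), and the encoded blob it runs on is constructed inside the script.

```python
import struct

# Added example; not from the report. Decoder stub of Metasploit's
# x86/call4_dword_xor encoder as recalled from the public source (assumption:
# not recovered from this sample). After the ecx setup the stub is:
#   e8 ff ff ff ff     call $+4          ; lands on its own last ff byte
#   ff c1              inc ecx           ; that shared ff plus c1
#   5e                 pop esi           ; esi = address of the c1 byte
#   81 76 0e KKKKKKKK  xor dword [esi+0x0e], key
#   83 ee fc           sub esi, -4       ; esi += 4 with no 0x00 byte
#   e2 f4              loop back to the xor
# esi+0x0e is the first encoded dword, directly after the loop instruction.
STUB_HEAD = bytes.fromhex("e8ffffffffc15e81760e")  # everything before the key
STUB_TAIL = bytes.fromhex("83eefce2f4")            # everything after the key
KEY_LEN = 4
PAYLOAD_OFFSET = len(STUB_HEAD) + KEY_LEN + len(STUB_TAIL)  # 19 bytes from e8


def parse_ecx_count(buf, stub_off):
    """Recover the count loaded into ecx right before the call, or None.
    The encoder emits one of: mov cl, imm8 / mov cx, imm16 / mov ecx, imm32."""
    if stub_off >= 2 and buf[stub_off - 2] == 0xB1:
        return buf[stub_off - 1]
    if stub_off >= 4 and buf[stub_off - 4:stub_off - 2] == b"\x66\xb9":
        return struct.unpack_from("<H", buf, stub_off - 2)[0]
    if stub_off >= 5 and buf[stub_off - 5] == 0xB9:
        return struct.unpack_from("<I", buf, stub_off - 4)[0]
    return None


def find_call4_stubs(buf):
    """Return [(stub_offset, key, ecx_count)] for every decoder stub in buf."""
    hits = []
    pos = 0
    while True:
        i = buf.find(STUB_HEAD, pos)
        if i < 0:
            return hits
        key_off = i + len(STUB_HEAD)
        tail = buf[key_off + KEY_LEN:key_off + KEY_LEN + len(STUB_TAIL)]
        if tail == STUB_TAIL:
            hits.append((i, buf[key_off:key_off + KEY_LEN], parse_ecx_count(buf, i)))
        pos = i + 1


def xor_dwords(data, key):
    """XOR with one fixed 4-byte key, repeated; the key is never updated
    between blocks (unlike the additive feedback of shikata_ga_nai)."""
    return bytes(b ^ key[j % KEY_LEN] for j, b in enumerate(data))


def decode_call4_payload(buf, stub_off, key, ecx_count=None):
    """Emulate the stub: from esi+0x0e, XOR (ecx_count + 1) dwords, the +1
    coming from the inc ecx. Without a count, decode to the end of buf."""
    start = stub_off + PAYLOAD_OFFSET
    if ecx_count is None:
        return xor_dwords(buf[start:], key)
    return xor_dwords(buf[start:start + (ecx_count + 1) * KEY_LEN], key)


# Constructed demo input (not bytes from the sample): a harmless stand-in
# "payload" encoded the way the stub expects, padded to whole dwords.
SAMPLE_KEY = b"\x13\x37\xbe\xef"
SAMPLE_PLAIN = b"calc.exe stand-in payload"


def build_sample(plaintext, key):
    """Assemble ecx setup + stub + key + tail + encoded dwords (demo only)."""
    padded = plaintext + b"\x90" * (-len(plaintext) % KEY_LEN)
    n_dwords = len(padded) // KEY_LEN
    # xor ecx,ecx ; mov cl, n-1  (the stub's inc ecx brings it back to n)
    ecx_setup = bytes([0x31, 0xC9, 0xB1, n_dwords - 1])
    return ecx_setup + STUB_HEAD + key + STUB_TAIL + xor_dwords(padded, key)


def demo():
    """Run the scanner over the constructed blob; returns the decoded bytes."""
    blob = build_sample(SAMPLE_PLAIN, SAMPLE_KEY)
    hits = find_call4_stubs(blob)
    if not hits:
        return None
    off, key, count = hits[0]
    print(f"stub at {off:#x}, key {key.hex()}, ecx count {count}")
    return decode_call4_payload(blob, off, key, count)


if __name__ == "__main__":
    print(demo())
```

Point `find_call4_stubs` at a raw memory dump or at the unpacked section of a dropper to get the key and the decoded stager in one step; the ecx count is an upper bound on what the stub touches, so on real samples the last dword of the output may be padding. A miss from the scanner does not clear a file: msfvenom can chain encoders, so the call4 stub may itself sit under another encoder's layer.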

MITRE ATT&CK Enterprise v15
