General

  • Target

    637fe9a37d7a06e65020482c5e55ae36_JaffaCakes118

  • Size

    437KB

  • Sample

    240722-rkw1ga1gjb

  • MD5

    637fe9a37d7a06e65020482c5e55ae36

  • SHA1

    8da709a4b293bc089f36cc712503c675ed810660

  • SHA256

    10d20d082f685934872193d12f7f64e57c0efb35dd3cf369fe858e17c51ea055

  • SHA512

    caaff4dba1425e6ee9da7cd6c054c720871d4d9b0cad1855fd7f713317245ef60e6076d6cf6b4e0a81fbfea88a680dae2aaedfc6efe0a81aa0525269d64aa0b9

  • SSDEEP

    12288:dq3eTRLQp1cWhLb2LYGRfFWh9BQkgIGK+nN/a+LBaiKRqo:o3+RLQp15B2Lkh9WKQfBa1P

Malware Config

Extracted

  • Family

    metasploit

  • Version

    encoder/call4_dword_xor

Targets

    • Target

      637fe9a37d7a06e65020482c5e55ae36_JaffaCakes118

    • Size

      437KB

    • MD5

      637fe9a37d7a06e65020482c5e55ae36

    • SHA1

      8da709a4b293bc089f36cc712503c675ed810660

    • SHA256

      10d20d082f685934872193d12f7f64e57c0efb35dd3cf369fe858e17c51ea055

    • SHA512

      caaff4dba1425e6ee9da7cd6c054c720871d4d9b0cad1855fd7f713317245ef60e6076d6cf6b4e0a81fbfea88a680dae2aaedfc6efe0a81aa0525269d64aa0b9

    • SSDEEP

      12288:dq3eTRLQp1cWhLb2LYGRfFWh9BQkgIGK+nN/a+LBaiKRqo:o3+RLQp15B2Lkh9WKQfBa1P

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
