General

  • Target

    63a10e8cf29f856c2d901dd1871ebf59_JaffaCakes118

  • Size

    196KB

  • Sample

    240722-sbhbdsthmj

  • MD5

    63a10e8cf29f856c2d901dd1871ebf59

  • SHA1

    753fe75c161a8e7f609669582a75e9afe6e4bfa0

  • SHA256

    dfe5ebbbc5dc2b87beb3d149b8a9a80a69fa868d830ff91ffc281b32c3efb487

  • SHA512

    497c8b300ea10bc47f35af27ab4d9fbddf4d5588345e1a96a8eae61b05e1ca22beebac036f266beccb3b39a910d9e55bc9ed38e4f1c676d23bbb150ff5d153c8

  • SSDEEP

    3072:Au7ljz+tjKao5jjuB+gudGQ4fWYTgHDYz3W130DFj38Tv6MYBYySXC4iWLGb:p8maocdMGQ4ftEHD/yFj38Tv6jBQLG

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor
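The "Version" field above is really the name of the Metasploit encoder that wrapped this payload: x86/call4_dword_xor prepends a short decoder stub that uses a `call $+4` trick to find its own address and then XORs the payload one DWORD at a time with a 4-byte key. The script below is an added example, not code from this report or from the Metasploit project: it builds a constructed blob in that format from a fake payload, locates the stub by its invariant bytes, recovers the key and DWORD count, and decodes the payload the way a config extractor would. The stub layout in the comments is reproduced from memory of the encoder's source and should be treated as an assumption to verify against the framework; the payload bytes, key and leading filler are constructed for the demo and are not taken from this sample.

```python
import re
import struct

# Decoder stub emitted by x86/call4_dword_xor, as this example understands it
# (assumption: verify against modules/encoders/x86/call4_dword_xor.rb).
# Stub-relative offsets:
#   00  31 c9                 xor  ecx, ecx
#   02  83 e9 XX              sub  ecx, imm8   (imm8 = 1 - dword_count)
#   05  e8 ff ff ff ff        call $+4         (lands on the call's last 0xff byte)
#   0a     c1                 ff c1 = inc ecx  (shares that 0xff byte)
#   0b  5e                    pop  esi         (esi = address of the 0xc1 byte)
#   0c  81 76 0e KK KK KK KK  xor  dword [esi+0x0e], KEY   (esi+0x0e = offset 0x18)
#   13  83 ee fc              sub  esi, -4
#   16  e2 f4                 loop 0x0c
#   18  <encoded payload, dword_count DWORDs>
STUB_RE = re.compile(
    rb"\x31\xc9"                    # xor ecx, ecx
    rb"\x83\xe9(?P<neg>.)"          # sub ecx, imm8 (imm8 form only; see note)
    rb"\xe8\xff\xff\xff\xff"        # call $+4
    rb"\xc1\x5e"                    # inc ecx ; pop esi
    rb"\x81\x76\x0e(?P<key>.{4})"   # xor dword [esi+0x0e], KEY
    rb"\x83\xee\xfc"                # sub esi, -4
    rb"\xe2\xf4",                   # loop back to the xor
    re.DOTALL,
)


def _xor_dwords(data: bytes, key: int) -> bytes:
    """XOR every little-endian DWORD of data with key (length must be a multiple of 4)."""
    return b"".join(
        struct.pack("<I", struct.unpack("<I", data[i:i + 4])[0] ^ key)
        for i in range(0, len(data), 4)
    )


def encode_call4(payload: bytes, key: bytes) -> bytes:
    """Produce stub + XORed payload in call4_dword_xor layout (demo encoder, assumption: NOP padding)."""
    if len(key) != 4:
        raise ValueError("key must be exactly 4 bytes")
    padded = payload + b"\x90" * (-len(payload) % 4)
    dwords = len(padded) // 4
    # The loop runs ecx+1 times after `inc ecx`, so the counter is dword_count - 1.
    if not 1 <= dwords <= 129:
        raise ValueError("imm8 counter form covers 1..129 DWORDs")
    stub = (
        b"\x31\xc9"
        + b"\x83\xe9" + struct.pack("<b", 1 - dwords)
        + b"\xe8\xff\xff\xff\xff"
        + b"\xc1\x5e"
        + b"\x81\x76\x0e" + key
        + b"\x83\xee\xfc"
        + b"\xe2\xf4"
    )
    return stub + _xor_dwords(padded, struct.unpack("<I", key)[0])


def find_call4_stubs(blob: bytes):
    """Return [(stub_offset, key_bytes, dword_count)] for every stub matched in blob."""
    found = []
    for m in STUB_RE.finditer(blob):
        neg = struct.unpack("<b", m.group("neg"))[0]
        found.append((m.start(), m.group("key"), 1 - neg))
    return found


def decode_call4(blob: bytes, stub_offset: int) -> bytes:
    """Decode the payload that follows the stub at stub_offset; raises if no stub is there."""
    m = STUB_RE.match(blob, stub_offset)
    if m is None:
        raise ValueError("no call4_dword_xor stub at offset %d" % stub_offset)
    count = 1 - struct.unpack("<b", m.group("neg"))[0]
    key = struct.unpack("<I", m.group("key"))[0]
    enc = blob[m.end():m.end() + 4 * count]
    if len(enc) != 4 * count:
        raise ValueError("payload truncated: expected %d bytes" % (4 * count))
    return _xor_dwords(enc, key)


# Constructed demo input (not from the sample): a fake 13-byte "payload", a fixed
# key, and four filler bytes in front so the search has to locate the stub.
DEMO_PAYLOAD = b"\x31\xc0\x50\x68\x63\x61\x6c\x63\x54\x5b\x50\x53\xc3"
DEMO_KEY = b"\x13\x37\xbe\xef"
DEMO_BLOB = b"\x4d\x5a\x90\x00" + encode_call4(DEMO_PAYLOAD, DEMO_KEY)

if __name__ == "__main__":
    for off, key, count in find_call4_stubs(DEMO_BLOB):
        print("stub at 0x%x key=%s dwords=%d" % (off, key.hex(), count))
        print("decoded:", decode_call4(DEMO_BLOB, off).hex())
```

Two caveats when applying this to real samples: the counter is only matched in its `sub ecx, imm8` form, and Metasploit may emit a different instruction sequence when that immediate would contain a bad character (for a one-DWORD payload the immediate is zero), so a miss from the regex does not rule the encoder out; and the XOR key is chosen per run to avoid bad characters, so the key itself is never a stable indicator, only the stub bytes around it are.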

Targets

    • Target

      63a10e8cf29f856c2d901dd1871ebf59_JaffaCakes118

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks