General

  • Target

    63f843fa463b6804e46ad0271e46d90e_JaffaCakes118

  • Size

    199KB

  • Sample

    240722-t9gcesxbkg

  • MD5

    63f843fa463b6804e46ad0271e46d90e

  • SHA1

    b8fdd784e24203c4cc3e721920f12572a2abef34

  • SHA256

    4fd528cc0a8a6464b9609f56da5be763d58410bed0c740860eeeafda10d7e7fc

  • SHA512

    68b4a98a1eba959c3fd2b81a30a8d4da8ad039cb301b217f55f5954164add9b28458970110b7008356f2ecd7f66a59e6fcbd6a1039214b1f33d25ea3d8542954

  • SSDEEP

    3072:WZJXuVBeTMqzaNKXhdPlWh+4wQEbK/Xmi2GKp8zHHr154Nsb2P3O:WbXuVBeJvxdgPFSfi23KzHL15413

Malware Config

Extracted

  • Family

    metasploit

  • Version

    encoder/call4_dword_xor

Targets

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory
