General

  • Target

    63f8a237f7fc1cada034cf68e0b72f48_JaffaCakes118

  • Size

    511KB

  • Sample

    240722-t9q7maxgln

  • MD5

    63f8a237f7fc1cada034cf68e0b72f48

  • SHA1

    c5955634d1b61561ebee0aeb135296ac0c8c6f03

  • SHA256

    1f3c72c1849cf5c148f43c9b19cec18fb74f28711d4f1db975e4727e2c072023

  • SHA512

    36d709106b204743fa2e6d3900837cce4236c9b437ff375807a83fb8dad03a4cb6171b70acbcb44884fa6ebecf26a7d6e5310a839ccd3c0c863667ee9b42ffe9

  • SSDEEP

    12288:3IFZBYs5cIREvnVGhkIPS2TffUdctTnTN/Vd9Im+7gW:3oesOIK/2kgS2TyctTnT3+

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • MetaSploit

      Detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or a similar tool.

    • Drops file in Drivers directory

    • Deletes itself

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks