General

  • Target

    640fbee0d925c3d8189f071dfa68816a_JaffaCakes118

  • Size

    480KB

  • Sample

    240722-vr3clsxhqc

  • MD5

    640fbee0d925c3d8189f071dfa68816a

  • SHA1

    4db373f97a8e82ccaf332db3ab5f2a4c5b60ab00

  • SHA256

    5705dffc898ef167379cc901cd02f712a586a57bb465d565b0d4f638f111fb10

  • SHA512

    27d11cf750d43c7dbe3f8ca968426ceeb8d484e3cf6be7c620a47db917f762f265f415b9cbb5bc506ccb1a7615595f3ff22590d92eb13cb3c2d1ec3004cede6f

  • SSDEEP

    12288:gaS90fnRCivIFaq8dNivqYLhqDj7QbPpjMkt5Flr:xfRPSXQNmIDj0Vjzlr

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Targets

    • Target

      640fbee0d925c3d8189f071dfa68816a_JaffaCakes118

    • Size

      480KB

    • MD5

      640fbee0d925c3d8189f071dfa68816a

    • SHA1

      4db373f97a8e82ccaf332db3ab5f2a4c5b60ab00

    • SHA256

      5705dffc898ef167379cc901cd02f712a586a57bb465d565b0d4f638f111fb10

    • SHA512

      27d11cf750d43c7dbe3f8ca968426ceeb8d484e3cf6be7c620a47db917f762f265f415b9cbb5bc506ccb1a7615595f3ff22590d92eb13cb3c2d1ec3004cede6f

    • SSDEEP

      12288:gaS90fnRCivIFaq8dNivqYLhqDj7QbPpjMkt5Flr:xfRPSXQNmIDj0Vjzlr

    • MetaSploit

      Detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or a similar tool.

    • Deletes itself

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Drops file in System32 directory
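
The extracted config above reports the encoder as encoder/fnstenv_mov: Metasploit's x86 decoder stub that recovers its own address with an FPU fnstenv store and then XORs the payload in place with a static 32-bit key. The Python below is an added example, not code from this report, from the sandbox, or from Metasploit itself. It rebuilds that stub layout from the public encoder module (modules/encoders/x86/fnstenv_mov.rb), locates the stub in a buffer, extracts the key and block count, and decodes the payload; this is the kind of check a config extractor performs before emitting a "metasploit / fnstenv_mov" label. The payload bytes and key are constructed for the example, and the assumption that the ECX counter is set with either push imm8/pop ecx or mov ecx, imm32 is the author's simplification (the real encoder may emit other sequences, in which case the block count is inferred from the remaining buffer).

```python
"""Recognise and decode Metasploit's x86/fnstenv_mov decoder stub (added example)."""
import struct
from typing import Optional, Tuple

# Invariant bytes that follow the ECX counter setup in the public encoder:
#   d9 ee           fldz                      ; FPU op, so fnstenv records its address
#   d9 74 24 f4     fnstenv [esp-0xc]         ; fpu_ip field lands at [esp]
#   5b              pop ebx                   ; ebx = address of fldz
#   81 73 13 <key>  xor dword [ebx+0x13], key ; 0x13 = stub length -> data follows stub
STUB_HEAD = bytes.fromhex("d9eed97424f45b817313")
#   83 eb fc        sub ebx, -4               ; advance one dword
#   e2 f4           loop                      ; back to the xor, ecx times
STUB_TAIL = bytes.fromhex("83ebfce2f4")
STUB_LEN = 0x13  # fldz .. loop = 19 bytes, matching the xor displacement

# Constructed test payload; NOT bytes from the sample on this page.
CONSTRUCTED_PAYLOAD = b"\x90\x90\xcc" + b"payload bytes, constructed for the example"
CONSTRUCTED_KEY = 0x5E1A9C37


def encode_fnstenv_mov(payload: bytes, key: int) -> bytes:
    """Produce stub + XOR-encoded payload the way the encoder does (static key, no feedback)."""
    padded = payload + b"\x00" * (-len(payload) % 4)  # whole number of dwords
    nblocks = len(padded) // 4
    if nblocks < 0x80:                                  # push imm8 sign-extends, so < 0x80
        set_ecx = bytes([0x6A, nblocks, 0x59])          # push imm8 ; pop ecx
    else:
        set_ecx = b"\xb9" + struct.pack("<I", nblocks)  # mov ecx, imm32
    stub = set_ecx + STUB_HEAD + struct.pack("<I", key) + STUB_TAIL
    body = b"".join(
        struct.pack("<I", struct.unpack_from("<I", padded, i)[0] ^ key)
        for i in range(0, len(padded), 4)
    )
    return stub + body


def find_fnstenv_mov(buf: bytes) -> Optional[Tuple[int, int, int, int]]:
    """Locate the stub; return (stub_start, key, nblocks, data_offset) or None.

    Assumption: the counter is set with `push imm8; pop ecx` or `mov ecx, imm32`.
    Otherwise the block count is inferred from the bytes left after the stub.
    """
    i = buf.find(STUB_HEAD)
    while i != -1:
        key_off = i + len(STUB_HEAD)
        tail_off = key_off + 4
        if buf[tail_off:tail_off + len(STUB_TAIL)] == STUB_TAIL:
            key = struct.unpack_from("<I", buf, key_off)[0]
            data_off = i + STUB_LEN
            if i >= 3 and buf[i - 3] == 0x6A and buf[i - 1] == 0x59:
                nblocks, start = buf[i - 2], i - 3
            elif i >= 5 and buf[i - 5] == 0xB9:
                nblocks, start = struct.unpack_from("<I", buf, i - 4)[0], i - 5
            else:
                nblocks, start = (len(buf) - data_off) // 4, i
            return start, key, nblocks, data_off
        i = buf.find(STUB_HEAD, i + 1)
    return None


def decode_fnstenv_mov(buf: bytes) -> Optional[bytes]:
    """Undo the stub's XOR loop; returns the decoded dwords (padding included) or None."""
    hit = find_fnstenv_mov(buf)
    if hit is None:
        return None
    _, key, nblocks, data_off = hit
    data = buf[data_off:data_off + 4 * nblocks]
    data = data[:len(data) - len(data) % 4]            # tolerate a truncated dump
    return b"".join(
        struct.pack("<I", struct.unpack_from("<I", data, i)[0] ^ key)
        for i in range(0, len(data), 4)
    )


def describe(buf: bytes) -> Optional[dict]:
    """Summarise a hit in the same shape as the report's Family/encoder fields."""
    hit = find_fnstenv_mov(buf)
    if hit is None:
        return None
    start, key, nblocks, _ = hit
    return {"family": "metasploit", "encoder": "x86/fnstenv_mov",
            "stub_offset": start, "xor_key": f"0x{key:08x}", "blocks": nblocks}


if __name__ == "__main__":
    blob = b"\x00" * 7 + encode_fnstenv_mov(CONSTRUCTED_PAYLOAD, CONSTRUCTED_KEY)
    print(describe(blob))
    print(decode_fnstenv_mov(blob)[:len(CONSTRUCTED_PAYLOAD)])
```

Two points worth noting when turning this into a signature: the head and tail bytes are fixed by the encoder, which is why a rule on `d9 ee d9 74 24 f4 5b` followed by `81 73 13` is a reliable anchor, while the key itself is chosen by msfvenom to avoid bad characters and must be treated as a wildcard. Because the stub rewrites its own payload in memory, the same matching applies to a process dump, where the decoded bytes will already be in place after the stub has run.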

MITRE ATT&CK Matrix

Tasks