General

  • Target

    f051ab4e7b5646a97caafe260e99df7b_JaffaCakes118

  • Size

    527KB

  • Sample

    240921-was82svfpj

  • MD5

    f051ab4e7b5646a97caafe260e99df7b

  • SHA1

    0f2f7661cfccb9e9ef030b4c7cbcae591c277081

  • SHA256

    d9a4c7563632f29fa26548660bd4131faf2cfe5a7fc58564883680018dafee6d

  • SHA512

    05140c4e52c1d0ca249d4e62daef86acea6eb0591b7bb9ca05ede05c99d3f9597ad82123bfab1c85d402e7e107df2483151db03f65a00b86878267ced867ba45

  • SSDEEP

    12288:VBCrp/biz1OZUvtrZk3lKcKn265pi0F4zv3:VBCrpjiz4OZ+gnp2SWv3

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • Target

      f051ab4e7b5646a97caafe260e99df7b_JaffaCakes118

    • Size

      527KB

    • MD5

      f051ab4e7b5646a97caafe260e99df7b

    • SHA1

      0f2f7661cfccb9e9ef030b4c7cbcae591c277081

    • SHA256

      d9a4c7563632f29fa26548660bd4131faf2cfe5a7fc58564883680018dafee6d

    • SHA512

      05140c4e52c1d0ca249d4e62daef86acea6eb0591b7bb9ca05ede05c99d3f9597ad82123bfab1c85d402e7e107df2483151db03f65a00b86878267ced867ba45

    • SSDEEP

      12288:VBCrp/biz1OZUvtrZk3lKcKn265pi0F4zv3:VBCrpjiz4OZ+gnp2SWv3

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks