General
-
Target
f3a255cd5e198a6a1518c8cab2c0ac2f_JaffaCakes118
-
Size
107KB
-
Sample
240924-plrq2avcnl
-
MD5
f3a255cd5e198a6a1518c8cab2c0ac2f
-
SHA1
700434728083617c758d4c893959e2e63562b353
-
SHA256
5ce3f9c4752da334a00af6aa22550da57e77adab646b3774c6d9eeabe2f2ccd5
-
SHA512
0b33d534858bd56f375323f42bb6046d9082a1dbf437f665ebc8a38c22643309c6d40d484f8532c36ab7a82d4b7f162e0bf6a3274ed47b67a083b1b6870cf2ed
-
SSDEEP
3072:cgZoEWJnMecMTMD8+ZMzyBygGUxCPfgLy6W:d6JnRTf+LBygb1Ly6
Malware Config
Extracted
metasploit
encoder/fnstenv_mov
Targets
-
-
Target
f3a255cd5e198a6a1518c8cab2c0ac2f_JaffaCakes118
-
Size
107KB
-
MD5
f3a255cd5e198a6a1518c8cab2c0ac2f
-
SHA1
700434728083617c758d4c893959e2e63562b353
-
SHA256
5ce3f9c4752da334a00af6aa22550da57e77adab646b3774c6d9eeabe2f2ccd5
-
SHA512
0b33d534858bd56f375323f42bb6046d9082a1dbf437f665ebc8a38c22643309c6d40d484f8532c36ab7a82d4b7f162e0bf6a3274ed47b67a083b1b6870cf2ed
-
SSDEEP
3072:cgZoEWJnMecMTMD8+ZMzyBygGUxCPfgLy6W:d6JnRTf+LBygb1Ly6
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
1