General
Target: 37b16efed8e71347d2ca91baee81f60a_JaffaCakes118
Size: 132KB
Sample: 241012-bd45haybnp
MD5: 37b16efed8e71347d2ca91baee81f60a
SHA1: d935cadfff7d039ba69cb2fc7c0b54ddb14eeee6
SHA256: bc8a8991e1439ec96086c47c79d224d9e218b8bdc525477e2265761ce802190b
SHA512: 142ffaaeee65b608b50899fb768b6914335fb87f49710978f34bba2b5d1cd8e49c9509cacef5731c2749ed37538ffccd3def8b3691fff17074128b1a1e130bb5
SSDEEP: 3072:aeoHqnoFivg3mJltZWj2Zy5zMZAX1FHJHda23TLuQGe9:LwqoFiYmJltTZy5JlFpHspQGe
Behavioral task: behavioral1
Sample: 37b16efed8e71347d2ca91baee81f60a_JaffaCakes118.exe
Resource: win7-20241010-en
Behavioral task: behavioral2
Sample: 37b16efed8e71347d2ca91baee81f60a_JaffaCakes118.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted: metasploit (encoder/fnstenv_mov)
Targets
Target: 37b16efed8e71347d2ca91baee81f60a_JaffaCakes118 (132KB; hashes as listed under General above)
MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Deletes itself
Executes dropped EXE
Impair Defenses: Safe Mode Boot
Adds Run key to start application
Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Defense Evasion
  Impair Defenses (1)
    Safe Mode Boot (1)
  Indicator Removal (1)
    File Deletion (1)
  Modify Registry (1)