General

  • Target

    7f25dcb0bfd074a36dd11120167443b7_JaffaCakes118

  • Size

    168KB

  • Sample

    241030-parxnashpe

  • MD5

    7f25dcb0bfd074a36dd11120167443b7

  • SHA1

    3763bd3bf295a9a4244a7f82aaa94fa70748d279

  • SHA256

    b3704fffcc57e829bce69086371f497de31499d8c2d9ff06ce86a3f1c2c014b2

  • SHA512

    e3314935c8aca7b4532cde1d2c1cc3bc0c662a5bd038c40bc12bfb09ea99fcefeb3570c319b3b9abedaf851bfa15db8cbfc6482ad3290b7645f8c4bc938e7839

  • SSDEEP

    3072:dCADZrCf5So78VnkTfDdofYRxYv0sSpMU4HBWsN+oWFcgz7xpM:gOrCyVkmSh4H5MoWFjdpM

Malware Config

Extracted

  • Family

    metasploit

  • Version

    encoder/call4_dword_xor

Targets

    • Target

      7f25dcb0bfd074a36dd11120167443b7_JaffaCakes118

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Metasploit family

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks