General

  • Target

    8e4646293ca700ee512b53a7f2fe265e_JaffaCakes118

  • Size

    196KB

  • Sample

    241104-awvhcaxqbw

  • MD5

    8e4646293ca700ee512b53a7f2fe265e

  • SHA1

    0df2bdd7e6c74056a53692aef270d78229516c5f

  • SHA256

    b74cd6f752cefee7830838f1eac40b7d71efcc8c7fef2b375938a6974784ec17

  • SHA512

    1dc4a941eee2e572e72bc7cdb79048bebbee513ac24912b48027351e6a6a173bc915ec119ccfafe98dc7ec228bb3ec202a5d64b514cb2c08cc61b6bc2c167735

  • SSDEEP

    6144:VEPQEcsSYBLM/kzjh/Xjp8vi7s9+3DSm4:2PQmSWBXyviE+z

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • Target

      8e4646293ca700ee512b53a7f2fe265e_JaffaCakes118

    • Size

      196KB

    • MD5

      8e4646293ca700ee512b53a7f2fe265e

    • SHA1

      0df2bdd7e6c74056a53692aef270d78229516c5f

    • SHA256

      b74cd6f752cefee7830838f1eac40b7d71efcc8c7fef2b375938a6974784ec17

    • SHA512

      1dc4a941eee2e572e72bc7cdb79048bebbee513ac24912b48027351e6a6a173bc915ec119ccfafe98dc7ec228bb3ec202a5d64b514cb2c08cc61b6bc2c167735

    • SSDEEP

      6144:VEPQEcsSYBLM/kzjh/Xjp8vi7s9+3DSm4:2PQmSWBXyviE+z

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Metasploit family

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks