General

  • Target

    b2ef11a82e287e6f0bf3fe57274adf11_JaffaCakes118

  • Size

    153KB

  • Sample

    241129-wlrjlayqgw

  • MD5

    b2ef11a82e287e6f0bf3fe57274adf11

  • SHA1

    ed77b9ee297d71fae61ebeb98120dc52c6bdf54b

  • SHA256

    dcebf9ef50cb79f0686dacaa02f1a9ed34316f23dcd9630e57b78d91459a1811

  • SHA512

    b7fe00919bb55d0d3f370b413091cdbe7d2a7058d3de77887f6c3e499e153374de15d40548acb88f5e76f2bdca85be3a7a8a467d7aed9fb16628bb9e124839a0

  • SSDEEP

    3072:DBU5v2uu18Q8d1+2ACISbkBdgYhNsGAcC04usWQQIork8K+zZ6x3Uo9G:+erN8HAZnzgYheufhrk8K+svG

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Targets

    • Target

      b2ef11a82e287e6f0bf3fe57274adf11_JaffaCakes118

    • Size

      153KB

    • MD5

      b2ef11a82e287e6f0bf3fe57274adf11

    • SHA1

      ed77b9ee297d71fae61ebeb98120dc52c6bdf54b

    • SHA256

      dcebf9ef50cb79f0686dacaa02f1a9ed34316f23dcd9630e57b78d91459a1811

    • SHA512

      b7fe00919bb55d0d3f370b413091cdbe7d2a7058d3de77887f6c3e499e153374de15d40548acb88f5e76f2bdca85be3a7a8a467d7aed9fb16628bb9e124839a0

    • SSDEEP

      3072:DBU5v2uu18Q8d1+2ACISbkBdgYhNsGAcC04usWQQIork8K+zZ6x3Uo9G:+erN8HAZnzgYheufhrk8K+svG

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Metasploit family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks