General

  • Target

    bb6790ca214bb4dcde03e33d1fc7aa52_JaffaCakes118

  • Size

    100KB

  • Sample

    241203-dd5r5ssmcm

  • MD5

    bb6790ca214bb4dcde03e33d1fc7aa52

  • SHA1

    82a5f2752b33b40f3b99a40edfd7d56a592f5af1

  • SHA256

    fa9a2bba567399cfa30ec496e0f59bc2d8c9ed965de6d0b8e77144c3aba0c36e

  • SHA512

    848d5cf71029659cad3b5ac38811d077ceb080b682da36b02326affd1e7248c47800870c39b717fa400d7304357c45e515674ab657f3861192983e026bcbadde

  • SSDEEP

    1536:Ro/hxMIcRRUD5zvjG+Nwy/g5e3BoOiQt2ZLnbM84zpNhrkIFqLimCjyXhLM1u:+hVtDd7OQg5DOiQQFIXrX2imC+xLM1u

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Metasploit family

    • Modifies firewall policy service

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
