General

  • Target

    dd7e649ad9b4d5bbc67cf5c2bc832a94_JaffaCakes118

  • Size

    80KB

  • Sample

    241210-hjqydsxlew

  • MD5

    dd7e649ad9b4d5bbc67cf5c2bc832a94

  • SHA1

    55423740f2feb889402aecf6a37b609be89ae466

  • SHA256

    0aa9e1bd0803390f5f89a80d52df3cb958985b8a083f8c0225b6ea72cb327112

  • SHA512

    353b15c50e242b6c808331077c9491e969bcf81447cabd410e11c5aa388ea8e0270ec4a3834b511ad5b38e9b68b1a763753815a6739413c9a513d5ca8660d14c

  • SSDEEP

    1536:rZ7WKsy/sYvUJsq5ZFQIWqOsUu7HFCXs3Cr621X+m4gu:rZ7WKsfF5ZeIWqOs57llCr628mW

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • Target

      dd7e649ad9b4d5bbc67cf5c2bc832a94_JaffaCakes118

    • Size

      80KB

    • MD5

      dd7e649ad9b4d5bbc67cf5c2bc832a94

    • SHA1

      55423740f2feb889402aecf6a37b609be89ae466

    • SHA256

      0aa9e1bd0803390f5f89a80d52df3cb958985b8a083f8c0225b6ea72cb327112

    • SHA512

      353b15c50e242b6c808331077c9491e969bcf81447cabd410e11c5aa388ea8e0270ec4a3834b511ad5b38e9b68b1a763753815a6739413c9a513d5ca8660d14c

    • SSDEEP

      1536:rZ7WKsy/sYvUJsq5ZFQIWqOsUu7HFCXs3Cr621X+m4gu:rZ7WKsfF5ZeIWqOs57llCr628mW

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Metasploit family

    • Deletes itself

    • Executes dropped EXE

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks