General

  • Target

    e5187b2eec6ce7f9292bfb9a0b835e4c_JaffaCakes118

  • Size

    722KB

  • Sample

    241212-g5mmestjex

  • MD5

    e5187b2eec6ce7f9292bfb9a0b835e4c

  • SHA1

    111fe31ba8ebdd73029041c924388ad60c8befe3

  • SHA256

    6719fec4f8363ff695ac4d888b74dc70360bea5be738336d13ded79958b2762d

  • SHA512

    aa0de70529c20469a28b83586322ee0018f5e2f896772b4bc5cc32d3782df25645934fe3d9676032a9346b98c9e5c6a3d0bdea086991ba3666566c382f483119

  • SSDEEP

    12288:1aaRrhY8+ttdfix6GzpXafQwbgCXGRQQnbsKR9XDEONdTaxbzk/EK4FRTrVb4TYS:IUMtt3+4YwbgCWalKvXNMpznpRTr94Tl

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • Target

      e5187b2eec6ce7f9292bfb9a0b835e4c_JaffaCakes118

    • Size

      722KB

    • MD5

      e5187b2eec6ce7f9292bfb9a0b835e4c

    • SHA1

      111fe31ba8ebdd73029041c924388ad60c8befe3

    • SHA256

      6719fec4f8363ff695ac4d888b74dc70360bea5be738336d13ded79958b2762d

    • SHA512

      aa0de70529c20469a28b83586322ee0018f5e2f896772b4bc5cc32d3782df25645934fe3d9676032a9346b98c9e5c6a3d0bdea086991ba3666566c382f483119

    • SSDEEP

      12288:1aaRrhY8+ttdfix6GzpXafQwbgCXGRQQnbsKR9XDEONdTaxbzk/EK4FRTrVb4TYS:IUMtt3+4YwbgCWalKvXNMpznpRTr94Tl

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Metasploit family

    • Drops file in Drivers directory

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

MITRE ATT&CK Enterprise v15

Tasks