General

  • Target: JaffaCakes118_40d862c46f9ecd57fb9b80d914b04095
  • Size: 386KB
  • Sample: 250127-sj14gavnbj
  • MD5: 40d862c46f9ecd57fb9b80d914b04095
  • SHA1: 87c571ba614c0ff4b7f705d09ec48fea349ed060
  • SHA256: e0c23823302259f0b12b136ea7e157f598dc2c1e940e0cc137b0117c7c867e18
  • SHA512: 5a6cbd85d01f7a7384f9a7ea82de54c1d4a3145f665f99682f765e57cc539c1284f1ea4d2f061feacce3d171b84287478b8107505799773c9d72445bbe4af6a8
  • SSDEEP: 6144:YGleXoHqzHAKoFFYwiYKSzgTud7WdFFfK++IaGmKF+dnXj/PoDv5HqUVkh6WB:oXTzg7MCgw7Qo+WbBj/PUvEMU6y

Malware Config

Extracted

  • Family: metasploit
  • Version: encoder/fnstenv_mov

Targets

    • MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
    • Metasploit family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks