General

  • Target

    JaffaCakes118_439abb5df2d8d0f569f194fe9446d85d

  • Size

    257KB

  • Sample

    250127-zqgrqsvnex

  • MD5

    439abb5df2d8d0f569f194fe9446d85d

  • SHA1

    46125b0c07853a16b3595d5c597d86c9a6f5c925

  • SHA256

    aec0430a38315effaa081593a3092eb9dbb2d33ea654d48fc9c573832430e2ec

  • SHA512

    f97d459f160fb72592526d71b41b5ba016490447dc2da025f8125673d37bc79cd33e1202216c39c6827911b4496805ebe8770027e32475b94590ecd132c5b927

  • SSDEEP

    6144:mgp+eQp3mWsm9jdUgDToU7uky3XRn/N+8phUZO3gWBkO:Bp+e6WsTN7uN3FLSO3dV

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • Target

      JaffaCakes118_439abb5df2d8d0f569f194fe9446d85d

    • Size

      257KB

    • MD5

      439abb5df2d8d0f569f194fe9446d85d

    • SHA1

      46125b0c07853a16b3595d5c597d86c9a6f5c925

    • SHA256

      aec0430a38315effaa081593a3092eb9dbb2d33ea654d48fc9c573832430e2ec

    • SHA512

      f97d459f160fb72592526d71b41b5ba016490447dc2da025f8125673d37bc79cd33e1202216c39c6827911b4496805ebe8770027e32475b94590ecd132c5b927

    • SSDEEP

      6144:mgp+eQp3mWsm9jdUgDToU7uky3XRn/N+8phUZO3gWBkO:Bp+e6WsTN7uN3FLSO3dV

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Metasploit family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks