General
-
Target
JaffaCakes118_94e299aa753ed181eda56d407107ca58
-
Size
124KB
-
Sample
250329-x8a1ssvjs6
-
MD5
94e299aa753ed181eda56d407107ca58
-
SHA1
a5123944bb04744fca30d8d14088e0ef3c85c583
-
SHA256
a8c864a074c4c1b76c46b80863da6aa49d11967042131503b9335dfb8b11063f
-
SHA512
1a23ad8a228a97722b2767603198aa267b333ab0ba4078c81dff9795c053f9d4bfbdd96a45a567ef016c70d0223968ca3bceb01fe7864644c7b869331b0e322c
-
SSDEEP
1536:mhqSYtGeGemOBKu9eL5/4weWWzmrn14z7azstv9ScRIMU/wAGrw1C5aRLW2n:deVwweWUmr1S7azw1R/UYAx1iYWu
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
JaffaCakes118_94e299aa753ed181eda56d407107ca58
-
Size
124KB
-
MD5
94e299aa753ed181eda56d407107ca58
-
SHA1
a5123944bb04744fca30d8d14088e0ef3c85c583
-
SHA256
a8c864a074c4c1b76c46b80863da6aa49d11967042131503b9335dfb8b11063f
-
SHA512
1a23ad8a228a97722b2767603198aa267b333ab0ba4078c81dff9795c053f9d4bfbdd96a45a567ef016c70d0223968ca3bceb01fe7864644c7b869331b0e322c
-
SSDEEP
1536:mhqSYtGeGemOBKu9eL5/4weWWzmrn14z7azstv9ScRIMU/wAGrw1C5aRLW2n:deVwweWUmr1S7azw1R/UYAx1iYWu
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Executes dropped EXE
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2