General
-
Target
JaffaCakes118_9705355b04bbddd4bf58861654cea033
-
Size
72KB
-
Sample
250329-yvr8la1qy9
-
MD5
9705355b04bbddd4bf58861654cea033
-
SHA1
7ef470f76bce54fc9077458980de1b4daf46afec
-
SHA256
2877b00a91b084f505130b2bd3acffa6fb1793e25a5344603b69164b89cbb8d2
-
SHA512
91ff1dabc96b234d052d5e93e9bf965bfd4598207bec8a74f780deafc443366b6455a373ff3df2c0e82dbc808b7bde315c5ccf916c229f9c3c66cd2b3d9cb89b
-
SSDEEP
1536:8JDk2kAB6s0D1NVQdHUnl5LPkXdl6WKCTVeOZzsbAFREqOE:sCo6zDVEHiYdlMCTVe6oAOE
Malware Config
Extracted
metasploit
encoder/call4_dword_xor
Targets
-
-
Target
JaffaCakes118_9705355b04bbddd4bf58861654cea033
-
Size
72KB
-
MD5
9705355b04bbddd4bf58861654cea033
-
SHA1
7ef470f76bce54fc9077458980de1b4daf46afec
-
SHA256
2877b00a91b084f505130b2bd3acffa6fb1793e25a5344603b69164b89cbb8d2
-
SHA512
91ff1dabc96b234d052d5e93e9bf965bfd4598207bec8a74f780deafc443366b6455a373ff3df2c0e82dbc808b7bde315c5ccf916c229f9c3c66cd2b3d9cb89b
-
SSDEEP
1536:8JDk2kAB6s0D1NVQdHUnl5LPkXdl6WKCTVeOZzsbAFREqOE:sCo6zDVEHiYdlMCTVe6oAOE
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Metasploit family
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1