General

  • Target

    JaffaCakes118_98513d260023a0cb3667f2e8dac81c4f

  • Size

    1.4MB

  • Sample

    250330-hdrmqs11fz

  • MD5

    98513d260023a0cb3667f2e8dac81c4f

  • SHA1

    189be40083f151d30b3c588accdc23ea6c2f5075

  • SHA256

    2925a43bce9b41922ab001e421806ef21ae443d4f1eda68639a9b155d5dfb29e

  • SHA512

    6eb37009bd8f8145ad9378c87605a6f0195ceed56213bc7d17bef6a78ef6889900442b8f38fb9bd44f780beaa7d7e328b51a2885c141414810a91f0d930a3f27

  • SSDEEP

    24576:TQ7ceaRuHmGB7h+4E42P/M2euPuKpxLD2DgDQj9VEH2nyYtLDwI9T9aA/gfsc5E+:6g0Jl+4E42c2euWKpxLD2UDG9Ve2yuIp

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • Target

      JaffaCakes118_98513d260023a0cb3667f2e8dac81c4f

    • Size

      1.4MB

    • MD5

      98513d260023a0cb3667f2e8dac81c4f

    • SHA1

      189be40083f151d30b3c588accdc23ea6c2f5075

    • SHA256

      2925a43bce9b41922ab001e421806ef21ae443d4f1eda68639a9b155d5dfb29e

    • SHA512

      6eb37009bd8f8145ad9378c87605a6f0195ceed56213bc7d17bef6a78ef6889900442b8f38fb9bd44f780beaa7d7e328b51a2885c141414810a91f0d930a3f27

    • SSDEEP

      24576:TQ7ceaRuHmGB7h+4E42P/M2euPuKpxLD2DgDQj9VEH2nyYtLDwI9T9aA/gfsc5E+:6g0Jl+4E42c2euWKpxLD2UDG9Ve2yuIp

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Metasploit family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
