General

  • Target

    JaffaCakes118_98731fd20df479461331d31578936170

  • Size

    145KB

  • Sample

    250330-k2faqavwgz

  • MD5

    98731fd20df479461331d31578936170

  • SHA1

    ceafe385dfeb4bae51321d35212019ca482de000

  • SHA256

    3a447fbfea0c0752c483aa6618853c69ffa1923af47c53e161c0332879adde81

  • SHA512

    e1a7520009eb30a21f2e35e457d8a18b50b4d08eb9a0377734794e18adf889f1d93ed84b90c58a4b898b47d2da6befe9256254495ffd1e3c31902f0dd55a3a6f

  • SSDEEP

    3072:l+XGH9gsWxJ469QwS9yOYytFhpd1GsItM2AsZtBRQx3qF:wlsW9QCyDhpdMsHuK

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Targets

    • Target

      JaffaCakes118_98731fd20df479461331d31578936170

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Metasploit family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks