General

  • Target

    JaffaCakes118_98a433fd1e5e9ec0123a90f2fd51f3b3

  • Size

    194KB

  • Sample

    250330-n4g4wazq15

  • MD5

    98a433fd1e5e9ec0123a90f2fd51f3b3

  • SHA1

    b14a64c4fe09357bff5da6081114aa752799a0f3

  • SHA256

    bfdbc82c506fe324f7b6dd5223c3eabb4562e32f4b0e7bd51448489a18ac5b07

  • SHA512

    e7658ea14d0bdcf388f54d69c029313983b9ce72b4b8b1d2bda9b0aeafd26deb84af2550ff2304c00ec5cc76c2b0c111318d0e9814f0fa6a50286b357ca6465c

  • SSDEEP

    6144:a9rfJIqw2hj6rVwitWLbXaLOxf1LMWRaze2Jsj:aBfJI7Z4zayxflYsj

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • Target

      JaffaCakes118_98a433fd1e5e9ec0123a90f2fd51f3b3

    • Size

      194KB

    • MD5

      98a433fd1e5e9ec0123a90f2fd51f3b3

    • SHA1

      b14a64c4fe09357bff5da6081114aa752799a0f3

    • SHA256

      bfdbc82c506fe324f7b6dd5223c3eabb4562e32f4b0e7bd51448489a18ac5b07

    • SHA512

      e7658ea14d0bdcf388f54d69c029313983b9ce72b4b8b1d2bda9b0aeafd26deb84af2550ff2304c00ec5cc76c2b0c111318d0e9814f0fa6a50286b357ca6465c

    • SSDEEP

      6144:a9rfJIqw2hj6rVwitWLbXaLOxf1LMWRaze2Jsj:aBfJI7Z4zayxflYsj

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Metasploit family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks