General

  • Target

    JaffaCakes118_98d5da824fabf016acea65ce4f45b4ad

  • Size

    275KB

  • Sample

    250330-sn1nha1wfx

  • MD5

    98d5da824fabf016acea65ce4f45b4ad

  • SHA1

    9e24b0782145056654a531125416901784f65a33

  • SHA256

    9a72961f7e496936d6ba0c059fd83896e25cec2a629787df149a701ed95107e1

  • SHA512

    c18eb94030b507e54b8dd7d593f602e249ffd6bcd09a777f0541bdb39d3989ba1db32c6a2f480b0232b0fe92a0151a74f10f8e63f6542c08907a9778f8a4a82c

  • SSDEEP

    6144:ZUZj3LOq20acQcCY/RBUlj/8IBaNgwqD3t5kgBwfg/JhG8N4Ccs+R:2Zj3LzZN0/vBaNgt5BwKJhXNWd

Malware Config

Extracted

  • Family

    metasploit

  • Version

    encoder/call4_dword_xor

Targets

    • Target

      JaffaCakes118_98d5da824fabf016acea65ce4f45b4ad

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Metasploit family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
