General

  • Target

    b0d596308422acbaba1e293de5fffa0b_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240404-f22rhafg5y

  • MD5

    b0d596308422acbaba1e293de5fffa0b

  • SHA1

    1c64d6d09793014922debb14e90df35dac398427

  • SHA256

    64a30c1f547cfa1f38efe2a5080378cf00068aba6ae5dc0e76989a665357104e

  • SHA512

    66ef06c44b86b22b9c28275142d371bb926e508cfdc369960bdc9c5955b80f4795cec6ee7b23b835a380695102fc36f0034db84c936815c8281e46ecb8c52c30

  • SSDEEP

    24576:4eJZke+WFlpR/Gctc+rOD4GRNknjVWK3PfVfkEzhuVts2OwOD:4e7ke+4z9kFnknjV7CKuVw9

Malware Config

Extracted

  • Family

    metasploit

  • Version

    windows/shell_reverse_tcp

  • C2

    73.61.110.191:4444

Targets

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks