General

  • Target

    e28cf6caa5334019a4999cdc11945206_JaffaCakes118

  • Size

    173KB

  • Sample

    240406-pq1vhaah73

  • MD5

    e28cf6caa5334019a4999cdc11945206

  • SHA1

    e5ffe80f8c7c2272793f61b83c9e7bd1621e31df

  • SHA256

    4afd9f0dde092daeac3f3e6ffb0aee06682b3dba6005d2bd1a914eefd5cc6a30

  • SHA512

    48f348b5a055790dd57f5759b9305a3c4486a1c4f75a757c76f0de76d0b2c2a3d0be0766ba1b6f2d7f2a71acf257cc11b825fee47bb7e37a42467da596b70d19

  • SSDEEP

    3072:Fq4taaCrtdYHrKVHP82Zq0Cx3b810q6Yt7SP:A4UxU+q0U3IPSP

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://5.34.178.140:80/image-directory/be.jpg

Attributes
  • headers
      Host: samejd.com
      Connection: close
      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36
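The extracted config describes exactly what this download_exec stager puts on the wire: a GET to a hard-coded IP literal (5.34.178.140:80, path /image-directory/be.jpg) while presenting a Host header (samejd.com) that the payload never resolved, plus a fixed Chrome/47 User-Agent. The script below is an added detection example, not part of the sandbox report or of Metasploit. It turns those three indicators into matches over HTTP log lines and adds the generic check that follows from the payload's behaviour: a Host header naming a DNS name that no DNS answer in the same window ever mapped to the connection's destination IP. The tab-separated HTTP and DNS log formats, the field order and the sample lines are constructed for the example and are not a real Zeek schema or real traffic from this run.

```python
"""Added example: flagging the extracted download_exec beacon in HTTP logs.

The log formats below are constructed for this example (assumed, not a
real Zeek/proxy schema):
  HTTP line: ts \t dst_ip \t dst_port \t host_header \t uri \t user_agent
  DNS line:  ts \t query_name \t answer_ip
"""
import ipaddress
from dataclasses import dataclass
from urllib.parse import urlsplit

# Indicators copied from the extracted config in the report.
C2_URL = "http://5.34.178.140:80/image-directory/be.jpg"
C2_HOST_HEADER = "samejd.com"
C2_USER_AGENT = (
    "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 "
    "(KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36"
)


@dataclass(frozen=True)
class HttpEvent:
    dst_ip: str
    dst_port: int
    host: str          # value of the Host request header as logged
    uri: str
    user_agent: str


def parse_http_line(line):
    """Parse one constructed HTTP log line into an HttpEvent."""
    fields = line.rstrip("\n").split("\t")
    if len(fields) != 6:
        raise ValueError("expected 6 tab-separated fields, got %d" % len(fields))
    _ts, dst_ip, dst_port, host, uri, user_agent = fields
    return HttpEvent(dst_ip, int(dst_port), host, uri, user_agent)


def parse_dns_lines(lines):
    """Build {query_name: {answer_ip, ...}} from constructed DNS log lines."""
    answers = {}
    for line in lines:
        _ts, name, ip = line.rstrip("\n").split("\t")
        answers.setdefault(name.lower(), set()).add(ip)
    return answers


def is_ip_literal(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def indicators(ev, dns_answers, c2_url=C2_URL):
    """Return the list of indicator names that an HTTP event matches."""
    c2 = urlsplit(c2_url)
    c2_port = c2.port or (443 if c2.scheme == "https" else 80)
    hits = []
    # Exact beacon: destination IP, port and path of the extracted C2 URL.
    if ev.dst_ip == c2.hostname and ev.dst_port == c2_port and ev.uri == c2.path:
        hits.append("c2-url")
    if ev.host.lower() == C2_HOST_HEADER:
        hits.append("c2-host-header")
    if ev.user_agent == C2_USER_AGENT:
        hits.append("c2-user-agent")
    # Generic trait of this stager: it connects to a hard-coded IP but sends
    # a DNS name in Host. Flag any name that no DNS answer mapped to dst_ip.
    if not is_ip_literal(ev.host) and ev.dst_ip not in dns_answers.get(ev.host.lower(), set()):
        hits.append("host-header-not-resolved")
    return hits


def scan(http_lines, dns_lines):
    """Return [(line_number, [indicator, ...]), ...] for every flagged HTTP line."""
    dns_answers = parse_dns_lines(dns_lines)
    findings = []
    for number, line in enumerate(http_lines, start=1):
        hits = indicators(parse_http_line(line), dns_answers)
        if hits:
            findings.append((number, hits))
    return findings


# Constructed sample logs (not traffic captured from the sandbox run).
SAMPLE_DNS = [
    "1712000000.100\twww.example.com\t93.184.216.34",
]
SAMPLE_HTTP = [
    # Ordinary browsing: Host was resolved to the destination IP.
    "1712000000.200\t93.184.216.34\t80\twww.example.com\t/index.html\t"
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/124.0",
    # The beacon as described by the extracted config.
    "1712000000.300\t5.34.178.140\t80\tsamejd.com\t/image-directory/be.jpg\t" + C2_USER_AGENT,
    # Unknown host-header/IP pairing with no matching DNS answer: worth a look.
    "1712000000.400\t203.0.113.9\t80\tcdn.example.net\t/update.bin\t"
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/124.0",
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_HTTP, SAMPLE_DNS):
        print(number, ",".join(hits))
```

The "host-header-not-resolved" check is the one that generalises beyond this sample: it does not depend on the C2 IP, name or User-Agent, all of which change per build. It also produces noise when the DNS answer fell outside the log window or was served from a local cache, so in production it should be correlated over a longer DNS history rather than a single capture.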

Targets

    • Target

      e28cf6caa5334019a4999cdc11945206_JaffaCakes118

    • Size

      173KB

    • MD5

      e28cf6caa5334019a4999cdc11945206

    • SHA1

      e5ffe80f8c7c2272793f61b83c9e7bd1621e31df

    • SHA256

      4afd9f0dde092daeac3f3e6ffb0aee06682b3dba6005d2bd1a914eefd5cc6a30

    • SHA512

      48f348b5a055790dd57f5759b9305a3c4486a1c4f75a757c76f0de76d0b2c2a3d0be0766ba1b6f2d7f2a71acf257cc11b825fee47bb7e37a42467da596b70d19

    • SSDEEP

      3072:Fq4taaCrtdYHrKVHP82Zq0Cx3b810q6Yt7SP:A4UxU+q0U3IPSP

    • MetaSploit

      Detected a malicious payload belonging to the Metasploit Framework, likely generated with msfvenom or a similar tool.
