Overview

overview

10

Static

static

10

37e602c075...18.ps1

windows7-x64

8

37e602c075...18.ps1

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    37e602c075b556227abcc2e6496c9f7a_JaffaCakes118

  • Size

    2KB

  • Sample

    240512-dggjqadc6z

  • MD5

    37e602c075b556227abcc2e6496c9f7a

  • SHA1

    8803cba7987a5b6b0396ef4fe4efc52b70ff6628

  • SHA256

    d4ef7b92009d4db0978be27b58dc3f4a830d596964ba323d5b757565e2ba2a5e

  • SHA512

    c4889fca09e764fb4baab832db4da5c3c19ccca638645af0e43de7d228532b23ac84204bb608127741ff7a673b85aa9dbb83891c945854a1fc4676fdfc536960

Score
10/10
metasploitexecution

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://173.230.133.135:443/Kom5

Targets

    • Target

      37e602c075b556227abcc2e6496c9f7a_JaffaCakes118

    • Size

      2KB

    • MD5

      37e602c075b556227abcc2e6496c9f7a

    • SHA1

      8803cba7987a5b6b0396ef4fe4efc52b70ff6628

    • SHA256

      d4ef7b92009d4db0978be27b58dc3f4a830d596964ba323d5b757565e2ba2a5e

    • SHA512

      c4889fca09e764fb4baab832db4da5c3c19ccca638645af0e43de7d228532b23ac84204bb608127741ff7a673b85aa9dbb83891c945854a1fc4676fdfc536960

    Score
    8/10
    execution

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks