General

  • Target

    b744a22fe1fe174504289f5856d8fd70_JaffaCakes118

  • Size

    19.9MB

  • Sample

    240617-hkydvsshmn

  • MD5

    b744a22fe1fe174504289f5856d8fd70

  • SHA1

    347719365a554d31a795554794d82c15ea656ba4

  • SHA256

    a5476084f4beed4d510c9dab4a1544dde1c05cc0a88cfd55b316ef097ba2b273

  • SHA512

    6398440b39b394a009586ff133776ba6b2f5c18a7ef46a77cd5c9c7ea1899d54c47dc8dc05cb4b85be4420b755e0843a8fb0798a706e3717da42688349c1e767

  • SSDEEP

    393216:0p0ACvKSZn6fx86wrSvqMN7TfwEcsRA+SnRITSmfwo+DKmsS2g8kU:KC36fS6wrSBNAARBcRITEo+12N

Malware Config

Extracted

  • Family

    metasploit

  • Version

    windows/shell_reverse_tcp

  • C2

    10.0.0.4:5567

Targets

    • Target

      b744a22fe1fe174504289f5856d8fd70_JaffaCakes118

    • Size

      19.9MB

    • MD5

      b744a22fe1fe174504289f5856d8fd70

    • SHA1

      347719365a554d31a795554794d82c15ea656ba4

    • SHA256

      a5476084f4beed4d510c9dab4a1544dde1c05cc0a88cfd55b316ef097ba2b273

    • SHA512

      6398440b39b394a009586ff133776ba6b2f5c18a7ef46a77cd5c9c7ea1899d54c47dc8dc05cb4b85be4420b755e0843a8fb0798a706e3717da42688349c1e767

    • SSDEEP

      393216:0p0ACvKSZn6fx86wrSvqMN7TfwEcsRA+SnRITSmfwo+DKmsS2g8kU:KC36fS6wrSBNAARBcRITEo+12N

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Matrix ATT&CK v13

  • Discovery

    Query Registry: 1 (T1012)

    System Information Discovery: 2 (T1082)