General

  • Target

    bad5cfa2a6b240e8d035a6bd92df69a8_JaffaCakes118

  • Size

    32KB

  • Sample

    240618-kpqkxszelr

  • MD5

    bad5cfa2a6b240e8d035a6bd92df69a8

  • SHA1

    2e9a5d666e8039cbf89c3ef1e98a88dc70562c4e

  • SHA256

    c72a5b77352d6892681efaa48b3eb729a2b90f29d2ad90241af718a95d165a2f

  • SHA512

    4b7cce438470a5781f4696e22cf081826dff12a82321fa00625d5d5e009fa544fe16b3aba09e3332ef1f03a3235616fb959b1756e68c6167ed423063b3004496

  • SSDEEP

    768:l09HUhCpf9MnylBcc6bdUOclCP20WWDqBQWLnwOHjfeMvncM3zE:m9HZ9flBc3Z7clCP20WWbweT

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://code.jquery.thinkphp.me:443/LbHf
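A check a practitioner would run on the C2 value above (added example, not part of the sandbox report): Metasploit's reverse_http/reverse_https stagers request a random-looking URI whose characters sum to a fixed value modulo 256, and the handler uses that checksum8 to tell a Windows stager init (92) from a Python (80) or Java (88) init or a session reconnect (98). The path `/LbHf` sums to 92, so the same arithmetic can be applied to the reported URL and to web-proxy logs to spot stager-style requests. The checksum constants are Metasploit's own (Rex::Payloads::Meterpreter::UriChecksum); the proxy log lines are constructed for the example and are not from this run, and the `http_on_443` flag is an added heuristic for the plain-HTTP-on-443 pattern the reported C2 shows.

```python
"""Checksum8 check for Metasploit HTTP stager URIs, applied to a reported C2 URL
and to web-proxy log lines."""
import re
from urllib.parse import urlsplit

# Values from Metasploit's Rex::Payloads::Meterpreter::UriChecksum.
STAGER_CHECKSUMS = {
    92: "INITW/INITN (Windows or native stager init)",
    80: "INITP (Python stager init)",
    88: "INITJ (Java stager init)",
    98: "CONN (reconnect to an existing session)",
}


def checksum8(uri_resource: str) -> int:
    """Metasploit checksum8: sum of the character values mod 256.

    As the framework's handler does, drop every character outside the
    base64url alphabet first, so the leading '/', dots and any query
    string take no part in the sum.
    """
    bare = re.sub(r"[^A-Za-z0-9_-]", "", uri_resource)
    return sum(bare.encode("ascii")) % 256


def classify_c2(url: str) -> dict:
    """Summarise a URL: stager type implied by the path checksum, plus a flag
    for plain http:// on port 443 (blends in with TLS traffic but is not TLS)."""
    parts = urlsplit(url)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    csum = checksum8(parts.path)
    return {
        "host": parts.hostname,
        "port": port,
        "path": parts.path,
        "checksum8": csum,
        "stager": STAGER_CHECKSUMS.get(csum),  # None when no stager value matches
        "http_on_443": parts.scheme == "http" and port == 443,
    }


# Constructed proxy log (not from the sandbox run); one request per line:
# <epoch> <client-ip> <method> <url> <status>
SAMPLE_PROXY_LOG = """\
1718700001 10.0.0.15 GET http://code.jquery.thinkphp.me:443/LbHf 200
1718700002 10.0.0.15 GET http://code.jquery.thinkphp.me:443/favicon.ico 404
1718700003 10.0.0.22 GET https://code.jquery.com/jquery-3.7.1.min.js 200
1718700004 10.0.0.15 POST http://code.jquery.thinkphp.me:443/jFpB 200
"""


def scan_proxy_log(log_text: str) -> list:
    """Return one finding per request whose URI checksum matches a stager value."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # blank or malformed line
        ts, client, method, url, _status = fields[:5]
        info = classify_c2(url)
        if info["stager"] is not None:
            findings.append({"ts": ts, "client": client, "method": method, **info})
    return findings


if __name__ == "__main__":
    print(classify_c2("http://code.jquery.thinkphp.me:443/LbHf"))
    for f in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f"{f['ts']} {f['client']} {f['method']} {f['host']}:{f['port']}{f['path']} "
              f"checksum8={f['checksum8']} -> {f['stager']}")
```

Any random path has a 1-in-256 chance of hitting each checksum value, and newer Meterpreter URIs are longer and carry a session UUID in front of the checksum bytes, so treat a hit on a short path as a triage hint that corroborates the Metasploit family label rather than as proof of a particular payload; the handler itself only uses the checksum to pick a mode, not to authenticate.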

Targets

    • Target

      bad5cfa2a6b240e8d035a6bd92df69a8_JaffaCakes118

    • Size

      32KB

    • MD5

      bad5cfa2a6b240e8d035a6bd92df69a8

    • SHA1

      2e9a5d666e8039cbf89c3ef1e98a88dc70562c4e

    • SHA256

      c72a5b77352d6892681efaa48b3eb729a2b90f29d2ad90241af718a95d165a2f

    • SHA512

      4b7cce438470a5781f4696e22cf081826dff12a82321fa00625d5d5e009fa544fe16b3aba09e3332ef1f03a3235616fb959b1756e68c6167ed423063b3004496

    • SSDEEP

      768:l09HUhCpf9MnylBcc6bdUOclCP20WWDqBQWLnwOHjfeMvncM3zE:m9HZ9flBc3Z7clCP20WWbweT

    • MetaSploit

      Detected a malicious payload that belongs to the Metasploit Framework, most likely generated with msfvenom or a similar tool.
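How an analyst confirms a signature like this by hand (added example; neither the sandbox's detection logic nor Metasploit's own code): msfvenom's Windows x86 payloads resolve every import through the shared block_api stub, which identifies an API by a ROR13 hash of the upper-cased module name (UTF-16LE, NUL included) plus the function name (ASCII, NUL included), and callers invoke it as `push <hash>; call ebp`. Recomputing those hashes for the APIs a download-and-execute stager needs and matching them against the `push imm32` immediates in a blob reads the payload's import sequence straight off the bytes. The API list is an assumption about what such a stager resolves, and the byte blob is constructed inside the code to imitate that call sequence; it is not this sample's content.

```python
"""Resolve block_api (ROR13) hashes pushed by Metasploit-style x86 shellcode."""
import struct


def ror32(value: int, bits: int) -> int:
    """Rotate a 32-bit value right by `bits`."""
    return ((value >> bits) | (value << (32 - bits))) & 0xFFFFFFFF


def ror13_hash(data: bytes) -> int:
    """Running hash used by block_api: h = ror13(h) + byte, over every byte."""
    h = 0
    for b in data:
        h = (ror32(h, 13) + b) & 0xFFFFFFFF
    return h


def api_hash(module: str, function: str) -> int:
    """block_api hash of module!function; kernel32.dll!LoadLibraryA is 0x0726774C."""
    mod = (module.upper() + "\x00").encode("utf-16-le")  # UPPERCASE, UTF-16LE, NUL included
    fn = (function + "\x00").encode("ascii")             # ASCII, NUL included
    return (ror13_hash(mod) + ror13_hash(fn)) & 0xFFFFFFFF


# Assumed import set for a download-and-execute stager: LoadLibraryA to pull in
# wininet, the WinINet fetch calls, file write, then execution and exit.
KNOWN_APIS = [
    ("kernel32.dll", "LoadLibraryA"),
    ("kernel32.dll", "VirtualAlloc"),
    ("kernel32.dll", "CreateFileA"),
    ("kernel32.dll", "WriteFile"),
    ("kernel32.dll", "CloseHandle"),
    ("kernel32.dll", "WinExec"),
    ("kernel32.dll", "ExitProcess"),
    ("wininet.dll", "InternetOpenA"),
    ("wininet.dll", "InternetOpenUrlA"),
    ("wininet.dll", "InternetReadFile"),
    ("wininet.dll", "InternetCloseHandle"),
]
HASH_TABLE = {api_hash(m, f): f"{m}!{f}" for m, f in KNOWN_APIS}


def resolve_pushed_hashes(code: bytes) -> list:
    """Linear sweep for `push imm32` (0x68 + little-endian dword).

    Returns (offset, immediate, name) tuples; name is None when the immediate
    is not a known hash. Any 'h' (0x68) inside strings or other instructions
    also shows up here, which is why unresolved entries should be filtered
    out rather than trusted.
    """
    out = []
    i = 0
    while i + 5 <= len(code):
        if code[i] == 0x68:
            imm = struct.unpack_from("<I", code, i + 1)[0]
            out.append((i, imm, HASH_TABLE.get(imm)))
            i += 5
        else:
            i += 1
    return out


def build_sample_stub() -> bytes:
    """Constructed stand-in for a stager's call sequence (not the sample's bytes):
    the 'wininet' string LoadLibraryA receives, then `push <hash>; call ebp`
    (0xFF 0xD5) per API, exactly the block_api calling convention."""
    seq = [("kernel32.dll", "LoadLibraryA"), ("wininet.dll", "InternetOpenA"),
           ("wininet.dll", "InternetOpenUrlA"), ("wininet.dll", "InternetReadFile"),
           ("kernel32.dll", "WinExec"), ("kernel32.dll", "ExitProcess")]
    code = b"wininet\x00"
    for m, f in seq:
        code += b"\x68" + struct.pack("<I", api_hash(m, f)) + b"\xff\xd5"
    return code


if __name__ == "__main__":
    print(f"kernel32.dll!LoadLibraryA = 0x{api_hash('kernel32.dll', 'LoadLibraryA'):08X}")
    for off, imm, name in resolve_pushed_hashes(build_sample_stub()):
        print(f"{off:04x}: push 0x{imm:08X}  ; {name or '?'}")
```

On a real sample the blob would be the decoded shellcode carved out of the dropper (the ATT&CK section above tags this one as JavaScript), and the table would be widened to the rest of kernel32/ws2_32/wininet; a run of resolved `push; call ebp` pairs preceded by the `fc e8 .. 00 00 00 60 89 e5 31 c0 64 8b 50 30` PEB-walk prologue is what the "likely generated with msfvenom" verdict rests on.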

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic      Technique                           Count  ID
  Execution   Command and Scripting Interpreter   1      T1059
              JavaScript                          1      T1059.007

Tasks