General

  • Target: 09002315bf0b02cb2a4995a034d7bebb_JaffaCakes118
  • Size: 67KB
  • Sample: 240620-xx7wdsxekq
  • MD5: 09002315bf0b02cb2a4995a034d7bebb
  • SHA1: 6402ee7fb8048e41b42ebf00d2d7b9199c421090
  • SHA256: 9529f52df762445eb3c156a205cdf974b5768402dddf6d61bada2c844f65d399
  • SHA512: 7f6d311064db4c84e7eeabdaed7e51269c57ae2c30ec4393843c08db734218d605b4fe6a6c1c089474f3f7226966426f2d6be714a6fb587f9eff373f4a8cbc86
  • SSDEEP: 1536:P4mqSiBN42CuJta4sxXZk2YrN0mD2rCtxnXtAbDkeaPq3:1qSiT4AtapZZk2oGmDSuXtKDk/A

Malware Config

Extracted

  • Family: metasploit
  • Version: encoder/shikata_ga_nai

Extracted

  • Family: metasploit
  • Version: windows/shell_reverse_tcp
  • C2: 192.168.1.85:4444

Targets

    • MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
    • Suspicious use of SetThreadContext