General

  • Target

    00bdfb79d51bc86c47a7b5b24caf66ac_JaffaCakes118

  • Size

    395KB

  • Sample

    240622-b9cecs1hrb

  • MD5

    00bdfb79d51bc86c47a7b5b24caf66ac

  • SHA1

    4f857c70084b299f0daea81cff5b7da9257ab411

  • SHA256

    8345a4e04b105eba426233545a67642d5f036b08ac7bf13a4961127b2ae1900a

  • SHA512

    4a53257665503af52d6a460e742a1e0ea2bc1c42e17a7e4fe88877c77b1a5221611dfbc96aeba05f34b67c88b841c7808f2123719ebdb0c566b15ddc61b50cee

  • SSDEEP

    6144:xVg35m4O59/PkphwpR1k7GgMwgd9qt7ZMKHaUnvkij+xWTILH0Xt3oHwg:x6O55dR1fgjU4VXbciSxWTWH0duD

Malware Config

Extracted

  • Family

    metasploit

  • Version

    windows/shell_reverse_tcp

  • C2

    213.64.73.162:4444
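The extracted config above (family, payload name, C2 host:port) is what a sandbox recovers from the payload's own bytes. The following is an added example, not code from the report or from Metasploit, that shows how that recovery works for an unencoded reverse_tcp payload and then hunts for the recovered endpoint in Zeek conn.log lines. It assumes the stock msfvenom block, in which x86 `windows/shell_reverse_tcp` (and the shared stager of `windows/*/reverse_tcp`) pushes the sockaddr_in as two immediates (`68 <ip>` then `68 02 00 <port>`) and the x64 variant loads it with one `mov r12, imm64`; it goes one step beyond the page by also handling that x64 form. The payload bytes and log rows are constructed for the example, with the report's C2 patched in; they are not bytes from the sample.

```python
"""Recover the C2 host:port from an unencoded Metasploit reverse_tcp payload,
then hunt for that endpoint in Zeek conn.log lines.

Added example; not code from the sandbox report or from Metasploit.
Assumption: the payload is the stock, unencoded msfvenom block. The x86
windows/shell_reverse_tcp (and the shared stager of windows/*/reverse_tcp)
builds its sockaddr_in with two immediates,

    68 II II II II        push <IPv4, network byte order>
    68 02 00 PP PP        push <AF_INET=2, port in network byte order>

and the x64 variant loads the whole struct in one instruction,

    49 BC 02 00 PP PP II II II II   mov r12, <sockaddr_in>

Both then call ws2_32!connect via its API hash 0x6174A599, used here only
to corroborate a hit. An encoded payload (shikata_ga_nai etc.) hides these
bytes until it decodes itself, so this scanner returns nothing for it;
that is expected, not a bug.
"""
import re
import struct
from typing import List, Tuple

_X86_SOCKADDR = re.compile(rb"\x68(?P<ip>.{4})\x68\x02\x00(?P<port>.{2})", re.DOTALL)
_X64_SOCKADDR = re.compile(rb"\x49\xbc\x02\x00(?P<port>.{2})(?P<ip>.{4})", re.DOTALL)
# push 0x6174A599 (x86) / mov r10d, 0x6174A599 (x64): hash("ws2_32.dll", "connect")
_CONNECT_HASH = {"x86": b"\x68\x99\xa5\x74\x61", "x64": b"\x41\xba\x99\xa5\x74\x61"}
_WINDOW = 32  # bytes after the sockaddr in which the connect call should appear


def extract_reverse_tcp_c2(data: bytes) -> List[Tuple[str, int, str, bool]]:
    """Return (host, port, arch, corroborated) for each sockaddr_in found.

    corroborated is True when the connect API hash follows within _WINDOW
    bytes; a chance match of the short prefix in a large binary will usually
    lack it, so treat uncorroborated hits as candidates only.
    """
    hits = []
    for arch, pattern in (("x86", _X86_SOCKADDR), ("x64", _X64_SOCKADDR)):
        for m in pattern.finditer(data):
            host = ".".join(str(b) for b in m.group("ip"))
            port = struct.unpack(">H", m.group("port"))[0]  # network byte order
            corroborated = _CONNECT_HASH[arch] in data[m.end():m.end() + _WINDOW]
            hits.append((host, port, arch, corroborated))
    return hits


def find_c2_connections(conn_log_lines, c2s):
    """Match Zeek conn.log rows (default TSV field order) against extracted
    C2 endpoints; returns (uid, orig_h, resp_h, resp_p) per matching flow."""
    wanted = {(host, port) for host, port, *_ in c2s}
    found = []
    for line in conn_log_lines:
        if not line or line.startswith("#"):
            continue
        f = line.split("\t")
        if len(f) < 7:
            continue
        if (f[4], int(f[5])) in wanted:
            found.append((f[1], f[2], f[4], int(f[5])))
    return found


# Constructed inputs: the stock stager bytes with the report's C2
# (213.64.73.162 = d5 40 49 a2, 4444 = 11 5c) patched in; not sample bytes.
SAMPLE_X86 = (
    b"\x68\xd5\x40\x49\xa2"   # push 0xa24940d5          ; 213.64.73.162
    b"\x68\x02\x00\x11\x5c"   # push 0x5c110002          ; AF_INET, port 4444
    b"\x89\xe6"               # mov esi, esp
    b"\x6a\x10\x56\x57"       # push 16; push esi; push edi
    b"\x68\x99\xa5\x74\x61"   # push 0x6174a599          ; hash(ws2_32, connect)
    b"\xff\xd5"               # call ebp
)
SAMPLE_X64 = (
    b"\x49\xbc\x02\x00\x11\x5c\xd5\x40\x49\xa2"  # mov r12, <AF_INET,4444,213.64.73.162>
    b"\x41\x54"                                   # push r12
    b"\x49\x89\xe5"                               # mov r13, rsp
    b"\x41\xba\x99\xa5\x74\x61"                   # mov r10d, 0x6174a599 ; connect
    b"\xff\xd5"                                   # call rbp
)
# Constructed Zeek conn.log rows; only the first data row is the C2 session.
SAMPLE_CONN_LOG = [
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto",
    "1719030001.1\tCx1aaa\t10.0.0.7\t49812\t213.64.73.162\t4444\ttcp",
    "1719030002.4\tCx2bbb\t10.0.0.7\t49813\t93.184.216.34\t443\ttcp",
    "1719030003.9\tCx3ccc\t10.0.0.9\t51002\t213.64.73.162\t80\ttcp",
]

if __name__ == "__main__":
    c2s = extract_reverse_tcp_c2(b"\x00" * 16 + SAMPLE_X86 + b"\x90" * 8)
    print("extracted:", c2s)
    print("matching flows:", find_c2_connections(SAMPLE_CONN_LOG, c2s))
```

The scan returns host and port only; the single-stage `windows/shell_reverse_tcp` and the staged `reverse_tcp` stagers share this block, so the payload name in the report comes from other evidence, not from these bytes. The third conn.log row (same host, port 80) is deliberately not matched: hunting on the full host:port tuple is precise, hunting on the host alone is the broader sweep to run once the endpoint is confirmed hostile.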

Targets

    • Target

      Merchant Canceller 1.0/Injector.exe

    • Size

      122KB

    • MD5

      7cf358b3df6f2b378fe6bddcae44a930

    • SHA1

      a53f211f9a80b1956fa28c995ba1b99be856fc22

    • SHA256

      584445127be636d382ba893af6e2acc2bd53182bbfcc6a8e0488ebeffdace632

    • SHA512

      919e776a2bdcc2ec68bb8ab6f9be3997c6386361bc882093594acec5fdf7519252651a4f47ec41e1bf53ac376e720eb44a66fe6a3e3a967519d6b244236a1f87

    • SSDEEP

      1536:IFtvhucEboSMXUudS5gcTejoMb+KR0Nc8Qs1UY1EjzJYWDVZaoq3XEl:6tv9EboDbqgye8e0Nc8QsoY6aNUl

    • MetaSploit

      Detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or a similar tool. The extracted config above (windows/shell_reverse_tcp, C2 213.64.73.162:4444) describes a reverse shell: the payload connects out to the listener and hands it a command shell.

    • Target

      Merchant Canceller 1.0/Merchantinator.dll

    • Size

      48KB

    • MD5

      4ebb47d2d60c6fd3e9b324e1a3a9aee9

    • SHA1

      0bdf4cf785b9396f864eb321f219b0b0726f3856

    • SHA256

      2c77a840143b3642da28d3eb1d34c631e674475ef6ce775668f94ee06c8526f9

    • SHA512

      f001b39e1983f2137b92695df49bf52141b94600309409beee6b73c76a09d13125c4cb233456fee4f1cdc76adf071fdbe24cf8efb1a5f4387cb373fffa05e9e8

    • SSDEEP

      768:dggXIpl73v1ny+5AuGQmqaEstl2TLJAKGefmwsdhRlyQDuzJvOZn+2D:aN73vhjAuUqaWLuKGefmwsdhJuxOZtD

    • Score

      3/10

    • Target

      Merchant Canceller 1.0/ifThisInjectorDontWorkTryThisOne/Injector.exe

    • Size

      296KB

    • MD5

      844d0b343bca1e3490d8e4b754056d7e

    • SHA1

      8cc2508831f4ed4dc26829adcfd6ffe49eb4bd84

    • SHA256

      c2cb507d86f3803bb2d7d5d72e5a0c50409b1e936ad158c70f36ad14522b82bf

    • SHA512

      bc68cacd592055521fd314c9f3643c3c8503d3bdafa3ca6e1b096f45de0f8c8fa29b03a4e44591caf1efd76426edb05fc3dcbb70f16786e94398db8fd97d1054

    • SSDEEP

      6144:Vkt82J7rPs+Nq1bUkziu1n9fcg6wvP6bQ7yMP+DE827fg4ZiP1v/:VU82J7rE+NaQkz7x9fcg76b7MP+Dd2sV

    • Score

      6/10

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      Merchant Canceller 1.0/ifThisInjectorDontWorkTryThisOne/Merchantinator.dll

    • Size

      48KB

    • MD5

      4ebb47d2d60c6fd3e9b324e1a3a9aee9

    • SHA1

      0bdf4cf785b9396f864eb321f219b0b0726f3856

    • SHA256

      2c77a840143b3642da28d3eb1d34c631e674475ef6ce775668f94ee06c8526f9

    • SHA512

      f001b39e1983f2137b92695df49bf52141b94600309409beee6b73c76a09d13125c4cb233456fee4f1cdc76adf071fdbe24cf8efb1a5f4387cb373fffa05e9e8

    • SSDEEP

      768:dggXIpl73v1ny+5AuGQmqaEstl2TLJAKGefmwsdhRlyQDuzJvOZn+2D:aN73vhjAuUqaWLuKGefmwsdhJuxOZtD

    • Score

      3/10

MITRE ATT&CK Enterprise v15

Tasks