General

  • Target

    00f4d85152ef839f7e8f5c153d2a4e59_JaffaCakes118

  • Size

    138KB

  • Sample

    240622-dclymsthrc

  • MD5

    00f4d85152ef839f7e8f5c153d2a4e59

  • SHA1

    8fe99a85095e2ab34cac15b07c28fbe91a21dad3

  • SHA256

    6ad78559c80fb352b1cb3d86c0a5a81c6f76fddf7be9d4a12c8abac193c3c8bd

  • SHA512

    70d01273dace668e0abd946ca2c73769cadc0cd85db7359aecd4f81e13ed682cf849b499c1cebf080e8a691382e2309f84e00a380ed671d3abad928f91b5043e

  • SSDEEP

    3072:G8PwA3BkRtMyrvnsHfuB3Bvr/vh76CvrV/4dC8EUHtf1:Ge2VvsibokRRUHt

Malware Config

Extracted

  • Family

    metasploit

  • Version

    metasploit_stager

  • C2

    192.168.1.128:3333

Targets

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Suspicious use of NtCreateThreadExHideFromDebugger
