General

  • Target

    02c86a93a90ee9d71589c4dfbac66665_JaffaCakes118

  • Size

    138KB

  • Sample

    240622-tcnp8sxerl

  • MD5

    02c86a93a90ee9d71589c4dfbac66665

  • SHA1

    0540224d7264f008ae3c54bbf604a4428c92c9a8

  • SHA256

    957cc583d5d0e0ca44f9c0d9a26261be47de5d8a599fe9b683274bc955c01946

  • SHA512

    92540239c52a1e154e2fada4d5e41f098f0c78ad825252ea339fa174afa3392f8b7088263ef1c16c55757d8c50836ee2d76dc5d40d825c73677770685ae58d2b

  • SSDEEP

    3072:m8PwA3BkRtMi7vnsHTuhlBCTkWMQcej97/4dC8MUHtv1:me21vs4ChR97JUHt

Malware Config

Extracted

  • Family

    metasploit

  • Version

    metasploit_stager

  • C2

    192.168.1.26:4444

Targets

    • Target

      02c86a93a90ee9d71589c4dfbac66665_JaffaCakes118

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Suspicious use of NtCreateThreadExHideFromDebugger

MITRE ATT&CK Matrix

Tasks