General

  • Target

    03cbb412f08a849c0aa9218b6fd961f7_JaffaCakes118

  • Size

    72KB

  • Sample

    240622-zer4bstbje

  • MD5

    03cbb412f08a849c0aa9218b6fd961f7

  • SHA1

    0cd5f41afdd3b7d4485a44326e3cdc73a3221de5

  • SHA256

    3e3ddd4761c4e0990b3a6da07a4150e943d1052d2c1a23aa0ceae34825577b23

  • SHA512

    95fdde1251a734ed2e05289b4ff7a4146f9cf1e1e8b2206222c45887e8b6e0ef5ce22a3b0b2a1bd48d0d90ce30afd85b9624cb967a4570605e15e6716db52829

  • SSDEEP

    1536:IuMNTTkgZGQoMhDTi/SN78LLrCdse75Mb+KR0Nc8QsJq39:kTTkgBn3iaNSCds65e0Nc8QsC9

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Targets

    • Target

      03cbb412f08a849c0aa9218b6fd961f7_JaffaCakes118

    • Size

      72KB

    • MD5

      03cbb412f08a849c0aa9218b6fd961f7

    • SHA1

      0cd5f41afdd3b7d4485a44326e3cdc73a3221de5

    • SHA256

      3e3ddd4761c4e0990b3a6da07a4150e943d1052d2c1a23aa0ceae34825577b23

    • SHA512

      95fdde1251a734ed2e05289b4ff7a4146f9cf1e1e8b2206222c45887e8b6e0ef5ce22a3b0b2a1bd48d0d90ce30afd85b9624cb967a4570605e15e6716db52829

    • SSDEEP

      1536:IuMNTTkgZGQoMhDTi/SN78LLrCdse75Mb+KR0Nc8QsJq39:kTTkgBn3iaNSCds65e0Nc8QsC9

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

MITRE ATT&CK Matrix

Tasks