General

  • Target: 088c14ef29c2148b1424f2b2cc3dc8ba_JaffaCakes118
  • Size: 100KB
  • Sample: 240624-pth4vswclj
  • MD5: 088c14ef29c2148b1424f2b2cc3dc8ba
  • SHA1: 0de2e6d4e3ce5a447ac166b4f7afcd0fd8f77932
  • SHA256: 3655207cb587d1ecc0c207b69c7f808b0d15e31cf8613de91dedb1b365210a65
  • SHA512: 93c7d5c2c02863ca1440d31e35d54699d5398a516583e6ab195b6e3a85df6c9d5f301388a168191c88891c207fe15512b83cb9d8bb403924f9a22c7eaf9b0fd6
  • SSDEEP: 1536:6tKOKXcN69y3AIXXLThstIUODYYF7g/N6P4SX4s4ASyV3ZBDruma:62XcNCy3AIXXfhstT1jN6gQSWX1a

Malware Config

Extracted

  • Family: metasploit
  • Version: windows/reverse_nonx_tcp
  • C2: 192.168.1.10:4444

Targets

    • Target: 088c14ef29c2148b1424f2b2cc3dc8ba_JaffaCakes118

    • MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
    • Uses Session Manager for persistence: Creates Session Manager registry key to run executable early in system boot.
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks