General

  • Target

    2a2b9c4e86ea708cb5dcf9f2912e6705_JaffaCakes118

  • Size

    5KB

  • Sample

    240707-3gh5zstenh

  • MD5

    2a2b9c4e86ea708cb5dcf9f2912e6705

  • SHA1

    725bcaa83a31772520386e0c2fffc57f68676068

  • SHA256

    e0273dcc42f7426c64c9f2524d2cb0210c70ca4a2a8f25e5f31e44a1da8086ca

  • SHA512

    973948c148681654b103a784e437f1440c4ca20e77956dd3a7221164527130f183af57816719368d1dfcc8d71131eb186776d264add7e4a2979fa931e64c7d12

  • SSDEEP

    48:qFGFajFK3zSIe7h/TMXhZo+lC56afAfRa:eGFajRJhwo9Up

Malware Config

Extracted

  • Family

    metasploit

  • Version

    windows/reverse_http

  • C2

    http://149.248.6.193:2009/HaD_DhtsZRt31HbVKPE1pwb_9iTx8rtfDNK6yWZphwG1YiYW-Fgnw176VSqa

Targets

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext
