General

  • Target

    db21c46522323a61f10567b2982c6bf7_JaffaCakes118

  • Size

    2KB

  • Sample

    240911-yva93s1bla

  • MD5

    db21c46522323a61f10567b2982c6bf7

  • SHA1

    0259e3d968fda63117065640b6010f34186ca7fb

  • SHA256

    bf9aef4a0e62bec41c6c08c241be714e054571ad6fe95abfc5df4953cce3388d

  • SHA512

    7de5864f8b6db25f41cd54e9586505a8e0d2d2b74e4f40d1839f8fc68855ead91ba5a30a5045feccf4bd08de37feed3812e79272d8b1c4cc88325e25e35fcfb0

Malware Config

Extracted

  • Family

    metasploit

  • Version

    windows/download_exec

  • C2

    http://198.58.127.152:80/Search/News/

  • Attributes

    headers User-Agent: Mozilla/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko

Targets

    • Target

      db21c46522323a61f10567b2982c6bf7_JaffaCakes118

    Score
    8/10
    • Blocklisted process makes network request
