metasploit | 7af27b4c28902c8b1ec12dbd51ac1580b1c5e78a81c2ed1ee7a5a15be8599ed8 | Triage

Sharing

General

Target

JaffaCakes118_7af27b4c28902c8b1ec12dbd51ac1580b1c5e78a81c2ed1ee7a5a15be8599ed8
Size

3KB
Sample

241223-q4nyja1mft
MD5

6d6ca8d4762718e4d41280d46e15f7f7
SHA1

5862de926624ad9a7ce16b06fcd0fae207bfeb3f
SHA256

7af27b4c28902c8b1ec12dbd51ac1580b1c5e78a81c2ed1ee7a5a15be8599ed8
SHA512

13db1c592b955fd057c3224df96743ab85280f2ce7fdee916d034706989d04959859f09003e4eb11aa3e6eba6ffefa939505a889a76909cdb9a3ef6bd6f33fcd

Score

10^/10

metasploit discovery execution

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://175.27.236.117:3/IjCf

Attributes

headers User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; BOIE9;ENUS)

Targets

- Target
  
  JaffaCakes118_7af27b4c28902c8b1ec12dbd51ac1580b1c5e78a81c2ed1ee7a5a15be8599ed8
- Size
  
  3KB
- MD5
  
  6d6ca8d4762718e4d41280d46e15f7f7
- SHA1
  
  5862de926624ad9a7ce16b06fcd0fae207bfeb3f
- SHA256
  
  7af27b4c28902c8b1ec12dbd51ac1580b1c5e78a81c2ed1ee7a5a15be8599ed8
- SHA512
  
  13db1c592b955fd057c3224df96743ab85280f2ce7fdee916d034706989d04959859f09003e4eb11aa3e6eba6ffefa939505a889a76909cdb9a3ef6bd6f33fcd
Score

8^/10

discovery execution
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

discoveryexecution