metasploit | a66f6ec5d504f0e6fb16ca39d148754e8528413804fe7dcfae7bef1800192e79 | Triage

Sharing

General

Target

JaffaCakes118_a66f6ec5d504f0e6fb16ca39d148754e8528413804fe7dcfae7bef1800192e79
Size

3KB
Sample

241229-gyrykavmfm
MD5

09cc9c560e20d0c8011f77c30c9cc21d
SHA1

16c9bedf2d4def01ce8dae29ef979549e508db38
SHA256

a66f6ec5d504f0e6fb16ca39d148754e8528413804fe7dcfae7bef1800192e79
SHA512

6a479d6963a031551b9339008280a491c259393233130e8989ccbecb6b9649ed4c417b7a5783812adbcd322ebb6f592a2ccbb80aaa55b2713ebf909662d306ea

Score

10^/10

metasploit discovery execution

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://newslimitless.com:443/Develop/v5.59/HAJYVLCWIA

Targets

- Target
  
  JaffaCakes118_a66f6ec5d504f0e6fb16ca39d148754e8528413804fe7dcfae7bef1800192e79
- Size
  
  3KB
- MD5
  
  09cc9c560e20d0c8011f77c30c9cc21d
- SHA1
  
  16c9bedf2d4def01ce8dae29ef979549e508db38
- SHA256
  
  a66f6ec5d504f0e6fb16ca39d148754e8528413804fe7dcfae7bef1800192e79
- SHA512
  
  6a479d6963a031551b9339008280a491c259393233130e8989ccbecb6b9649ed4c417b7a5783812adbcd322ebb6f592a2ccbb80aaa55b2713ebf909662d306ea
Score

8^/10

discovery execution
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

discoveryexecution