General

  • Target

    JaffaCakes118_8d7be839963ce4e4129817a707942b26

  • Size

    3.0MB

  • Sample

    250108-fzn3mawjfx

  • MD5

    8d7be839963ce4e4129817a707942b26

  • SHA1

    be3f9bdb75ada38cfbde4536b73123624c27f701

  • SHA256

    d578c73494cefb6085289a0860f0828f5e53242ccbeecd4211f6431cc719d96a

  • SHA512

    8f001353d87e1b2c69bbe2ef2f0d25c72094028fad468f32a8e31553981b62cb4b3f6dc1810df99971a9f8fe455492d0f3c71725f2b864cb4f0d0b52db5c2c56

  • SSDEEP

    98304:e69201BfKEpPx+gsDcApAbbXWKIpHmgxQAHfqL89:my0gYJmbbXWjpH/Hr

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

192.168.147.128:4444

Targets

    • Target

      JaffaCakes118_8d7be839963ce4e4129817a707942b26

    • Size

      3.0MB

    • MD5

      8d7be839963ce4e4129817a707942b26

    • SHA1

      be3f9bdb75ada38cfbde4536b73123624c27f701

    • SHA256

      d578c73494cefb6085289a0860f0828f5e53242ccbeecd4211f6431cc719d96a

    • SHA512

      8f001353d87e1b2c69bbe2ef2f0d25c72094028fad468f32a8e31553981b62cb4b3f6dc1810df99971a9f8fe455492d0f3c71725f2b864cb4f0d0b52db5c2c56

    • SSDEEP

      98304:e69201BfKEpPx+gsDcApAbbXWKIpHmgxQAHfqL89:my0gYJmbbXWjpH/Hr

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Metasploit family

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks