General

  • Target

    4b2eec1fcb130c66354c3c764fb36e2a_JaffaCakes118

  • Size

    102KB

  • Sample

    240331-dcrtwsda74

  • MD5

    4b2eec1fcb130c66354c3c764fb36e2a

  • SHA1

    7252d7f16e29012d2aa7ff29215eff2ad39236b4

  • SHA256

    29f4ef54e2746028dd68a286578cf472be04f425cd07f8d754306076296d0e20

  • SHA512

    5773c555c8a7855fdfb582dc628a226c0846c003460ca89f24e2937041ef93a996a3989848af813012f61187d107e6301e832fe5af011e511429f2ec0b860348

  • SSDEEP

    3072:GN2Cs1FNvl3ogl5KfHxFxACVSEoCGRqHrczSZ:GoR1ogHiRFxpVzoCGRqHrczS

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

217.182.208.93:4770

Targets

    • Target

      4b2eec1fcb130c66354c3c764fb36e2a_JaffaCakes118

    • Size

      102KB

    • MD5

      4b2eec1fcb130c66354c3c764fb36e2a

    • SHA1

      7252d7f16e29012d2aa7ff29215eff2ad39236b4

    • SHA256

      29f4ef54e2746028dd68a286578cf472be04f425cd07f8d754306076296d0e20

    • SHA512

      5773c555c8a7855fdfb582dc628a226c0846c003460ca89f24e2937041ef93a996a3989848af813012f61187d107e6301e832fe5af011e511429f2ec0b860348

    • SSDEEP

      3072:GN2Cs1FNvl3ogl5KfHxFxACVSEoCGRqHrczSZ:GoR1ogHiRFxpVzoCGRqHrczS

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
