Overview

overview

10

Static

static

3

f38eb87def...18.exe

windows7-x64

10

f38eb87def...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f38eb87defd745e84caf86544431588b_JaffaCakes118

  • Size

    279KB

  • Sample

    240416-qcs36scd91

  • MD5

    f38eb87defd745e84caf86544431588b

  • SHA1

    3043a43459191b73bcd666bb87cd0397f1ecfa1b

  • SHA256

    2fbeb5f59042c9e15f89ec882022545d98d1421afcb2f84c165bdf385cc5cb5f

  • SHA512

    b8d5080f2a86b9e518def1e42ccfc020dcdfee1e73e0230df3c4efb0089ae710a2a3a3d096ae024f2198f9d6fc7be87806cc82a0b376485bf5042940e78cb905

  • SSDEEP

    6144:Xep1D2k+GBYw9Ui92YrjwinRHy1BGQCIzb:Xep1cGWZk2KjXndy1BR

Score
10/10
metasploitbackdoortrojan

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://101.99.90.100:443/jquery-3.3.1.slim.min.js

Targets

    • Target

      f38eb87defd745e84caf86544431588b_JaffaCakes118

    • Size

      279KB

    • MD5

      f38eb87defd745e84caf86544431588b

    • SHA1

      3043a43459191b73bcd666bb87cd0397f1ecfa1b

    • SHA256

      2fbeb5f59042c9e15f89ec882022545d98d1421afcb2f84c165bdf385cc5cb5f

    • SHA512

      b8d5080f2a86b9e518def1e42ccfc020dcdfee1e73e0230df3c4efb0089ae710a2a3a3d096ae024f2198f9d6fc7be87806cc82a0b376485bf5042940e78cb905

    • SSDEEP

      6144:Xep1D2k+GBYw9Ui92YrjwinRHy1BGQCIzb:Xep1cGWZk2KjXndy1BR

    Score
    10/10
    metasploitbackdoortrojan

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

      trojanbackdoormetasploit

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Persistence

Scheduled Task/Job

1
T1053

Privilege Escalation

Scheduled Task/Job

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks