Overview

overview

10

Static

static

10

f6cf0dcc1d...18.pdf

windows7-x64

1

f6cf0dcc1d...18.pdf

windows10-2004-x64

1

Aula2.exe

windows7-x64

10

Aula2.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f6cf0dcc1dc2f98a1ce0736486da517c_JaffaCakes118

  • Size

    298KB

  • Sample

    240417-3jmk7ahg38

  • MD5

    f6cf0dcc1dc2f98a1ce0736486da517c

  • SHA1

    cd8d7c54127042641fa92b32cbfb92f470e2de07

  • SHA256

    67d4ac0f317775f2a87952330ff5ffb7147e00fc0e79396b15ba0c42993c3077

  • SHA512

    3b759a866eb0aa52f9ab39fb911c659c30881bcedff1b144ced2fa18c82d0a1337fd92e986dcca553e4433f1f5093971fed7a1575333501cc3bc61d1279f3507

  • SSDEEP

    6144:x1MRCVX+nX58rYK4mugGGDo62cjJKPG1RuyioAJkQJcdG80ejeZlND:MYZ+nXeEHio621O/qVSQ2GHT/V

Score
10/10
metasploitbackdoorjavascriptpdftrojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

200.144.154.17:4444

Targets

    • Target

      f6cf0dcc1dc2f98a1ce0736486da517c_JaffaCakes118

    • Size

      298KB

    • MD5

      f6cf0dcc1dc2f98a1ce0736486da517c

    • SHA1

      cd8d7c54127042641fa92b32cbfb92f470e2de07

    • SHA256

      67d4ac0f317775f2a87952330ff5ffb7147e00fc0e79396b15ba0c42993c3077

    • SHA512

      3b759a866eb0aa52f9ab39fb911c659c30881bcedff1b144ced2fa18c82d0a1337fd92e986dcca553e4433f1f5093971fed7a1575333501cc3bc61d1279f3507

    • SSDEEP

      6144:x1MRCVX+nX58rYK4mugGGDo62cjJKPG1RuyioAJkQJcdG80ejeZlND:MYZ+nXeEHio621O/qVSQ2GHT/V

    Score
    1/10
    behavioral1behavioral2

    • Target

      Aula2.pdf

    • Size

      72KB

    • MD5

      5e24c8827ad466ed0a7013541ef406f8

    • SHA1

      52620b5364af8cb831966df388d176583f7bd612

    • SHA256

      40f06077e5f0a940f41a1fec21c082bcb173be11904e3101a543b4d8154fc9ae

    • SHA512

      ad9930ea99e94ebbabb32bfd71ec299258a64a7d6a46bdcb5468fcc4388c3a461f1996ee55211781dcb7c97f74a37119bc0d91051252ac41ac70c2211d0b1aba

    • SSDEEP

      1536:IMGk/icqfajENCZnssaL5eiTn4Mb+KR0Nc8QsJq39:HG+tjEO5e0Nc8QsC9

    Score
    10/10
    metasploitbackdoortrojan

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

      trojanbackdoormetasploit
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks