Overview

overview

10

Static

static

3

fa8a468a9b...18.exe

windows7-x64

10

fa8a468a9b...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fa8a468a9ba7c90e58da7e57857a2d1f_JaffaCakes118

  • Size

    320KB

  • Sample

    240419-r789bafa95

  • MD5

    fa8a468a9ba7c90e58da7e57857a2d1f

  • SHA1

    974a20b74503ab4fd7bb6c62be0d5cd5735b30e9

  • SHA256

    7b6674bbde714e1285fa64caecc1f9d90e3ca8ac1a8f01035e1ef9afcfb54eaf

  • SHA512

    3f86bac8570fa01baf5ab6443e2c9778527604ece45632de5143eb58d169b0d36ea9f8db404db61642fa78888cb2ba9fc958da13ba700328af5f20a819fc63a0

  • SSDEEP

    3072:SsdCmcW91L/RFQSAZVyv6mPwyYqk9Pxqk6hx5E/0a:tNc29/RFjAywCk9H6hx5E/0

Score
10/10
metasploitbackdoortrojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

192.168.0.125:4444

Targets

    • Target

      fa8a468a9ba7c90e58da7e57857a2d1f_JaffaCakes118

    • Size

      320KB

    • MD5

      fa8a468a9ba7c90e58da7e57857a2d1f

    • SHA1

      974a20b74503ab4fd7bb6c62be0d5cd5735b30e9

    • SHA256

      7b6674bbde714e1285fa64caecc1f9d90e3ca8ac1a8f01035e1ef9afcfb54eaf

    • SHA512

      3f86bac8570fa01baf5ab6443e2c9778527604ece45632de5143eb58d169b0d36ea9f8db404db61642fa78888cb2ba9fc958da13ba700328af5f20a819fc63a0

    • SSDEEP

      3072:SsdCmcW91L/RFQSAZVyv6mPwyYqk9Pxqk6hx5E/0a:tNc29/RFjAywCk9H6hx5E/0

    Score
    10/10
    metasploitbackdoortrojan

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

      trojanbackdoormetasploit

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scripting

1
T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks