General

  • Target

    06e0998e9c8ae7ba03cf2c5e10c3a2c9_JaffaCakes118

  • Size

    115KB

  • Sample

    240429-fqjrjsbe61

  • MD5

    06e0998e9c8ae7ba03cf2c5e10c3a2c9

  • SHA1

    e144ed0a39d7b2f71fd1f29a3e2a6cd97a6db4a3

  • SHA256

    31a8593b18120bcd4f5060bbece6be1396e158ba439b8315a22774dda3e98413

  • SHA512

    cf9bface8227dca4432f6f33ec4249186095ff7def63f5dd15c7690695d9d0c9feefcaac3a8fc394f8c9ba2f7c1dd4e21866e1a5a3eb2dfcecd49481a1ee2375

  • SSDEEP

    1536:mAG1udvDu3xv+pekyzdJNWiKuBGjsJIGgVawLkRyvj:HGwd8GCWSIGQawLi

Malware Config

Extracted

  • Family

    metasploit

  • Version

    windows/download_exec

  • C2

    http://192.168.0.30:80/nQCZ

  • Attributes

    headers User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)

Targets

    • Target

      06e0998e9c8ae7ba03cf2c5e10c3a2c9_JaffaCakes118

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v15

Tasks