General

  • Target

    1d2f027e6f6d546e2bca73d98c2f87f9_JaffaCakes118

  • Size

    38KB

  • Sample

    240506-s17btabh82

  • MD5

    1d2f027e6f6d546e2bca73d98c2f87f9

  • SHA1

    bb4b15ef1bc5107b861d74174c3cada9f8d7afa2

  • SHA256

    7a32719cd5cdacb9aac09218cf555a63aeaff0711d07e6468e87739e09aaf108

  • SHA512

    c55afdf0a5577e8982e13bb79f7252b756e50d9117a2f29016b9d6710b7940cf1af51525e54a3847e92aa3bdee7404e405e48a531dae7a5f2ce02c3e206b75a2

  • SSDEEP

    768:1BAk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJCWNP/nqWujwaJRYM+gBToD+pLK4Ed:7Ak3hbdlylKsgqopeJBWhZFGkE+cL2Nw

Malware Config

Extracted

  • Family

    metasploit

  • Version

    windows/reverse_tcp

  • C2

    46.101.51.212:4444

Targets

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This usually indicates a failed attempt to compromise the parent process.

MITRE ATT&CK Enterprise v15

Tasks