General

  • Target

    1e0c8821f75cf012331fb877f03149f0_JaffaCakes118

  • Size

    6KB

  • Sample

    240506-ybg9aaba34

  • MD5

    1e0c8821f75cf012331fb877f03149f0

  • SHA1

    04233fce3ef27db8dcc9019158113f7486a5d466

  • SHA256

    af61080e67917e6e85d25b2032ffd30a6d2c15d304ae3a7328b46693e59f0b32

  • SHA512

    734e18204fc85514d05d1bc6af6605dfcaea598bf84f4d9dec2a7a2a487e6b18363fbfd48d39d6d2b6834b44f45d4004078ae0613bb83c930b91cad5ee0715f3

  • SSDEEP

    192:9Din2wZHaDygv1B0a9mvqrKiV3hLoYPxohtqhdOaxV:on2UaDrBR8tKlPChtqhdXV

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

    Yes

  • URLs (exe.dropper)

    http://plano.xoom.it/win.bat

Extracted

  • Family

    metasploit

  • Version

    windows/reverse_tcp

  • C2

    151.26.227.4:443

Targets

    • Target

      1e0c8821f75cf012331fb877f03149f0_JaffaCakes118

    • Size

      6KB

    • MD5

      1e0c8821f75cf012331fb877f03149f0

    • SHA1

      04233fce3ef27db8dcc9019158113f7486a5d466

    • SHA256

      af61080e67917e6e85d25b2032ffd30a6d2c15d304ae3a7328b46693e59f0b32

    • SHA512

      734e18204fc85514d05d1bc6af6605dfcaea598bf84f4d9dec2a7a2a487e6b18363fbfd48d39d6d2b6834b44f45d4004078ae0613bb83c930b91cad5ee0715f3

    • SSDEEP

      192:9Din2wZHaDygv1B0a9mvqrKiV3hLoYPxohtqhdOaxV:on2UaDrBR8tKlPChtqhdXV

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run PowerShell and hide the display window.

MITRE ATT&CK Enterprise v15

Tasks