Overview

overview

10

Static

static

8

56cbbea853...18.doc

windows7-x64

6

56cbbea853...18.doc

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    56cbbea8535c0e8ae967fcdec17db491_JaffaCakes118

  • Size

    6.4MB

  • Sample

    240518-zywwmaff4t

  • MD5

    56cbbea8535c0e8ae967fcdec17db491

  • SHA1

    2829de0b258610b9e3279343661700ca16694a45

  • SHA256

    70d44165f308acccfa77bfb60a7592fdd38c03e2a403745effec31e3fffdc3e4

  • SHA512

    ed21ed9c5bb9db184a11167bf4452e63e434076d34522f36a2fc251805fae288aa3a25e515adef630636ab12bd865d110f9c60d08b09cc104aae65a84e9be7bd

  • SSDEEP

    24576:nJBLCi8+IgnJMjDH9ZwiLC4JgGrM7vqNYeYwIstYXTLgQQ5MDcLQUrO/Z1WQ0mtD:JBLCph6rRDp72DwnH

Score
10/10
metasploitbackdoormacromacro_on_actionpersistencetrojan

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://193.70.125.186:443/PTbV

Targets

    • Target

      56cbbea8535c0e8ae967fcdec17db491_JaffaCakes118

    • Size

      6.4MB

    • MD5

      56cbbea8535c0e8ae967fcdec17db491

    • SHA1

      2829de0b258610b9e3279343661700ca16694a45

    • SHA256

      70d44165f308acccfa77bfb60a7592fdd38c03e2a403745effec31e3fffdc3e4

    • SHA512

      ed21ed9c5bb9db184a11167bf4452e63e434076d34522f36a2fc251805fae288aa3a25e515adef630636ab12bd865d110f9c60d08b09cc104aae65a84e9be7bd

    • SSDEEP

      24576:nJBLCi8+IgnJMjDH9ZwiLC4JgGrM7vqNYeYwIstYXTLgQQ5MDcLQUrO/Z1WQ0mtD:JBLCph6rRDp72DwnH

    Score
    10/10
    persistencemetasploitbackdoortrojan

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

      trojanbackdoormetasploit

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks