Overview

overview

10

Static

static

8

5d3acc355d...8.docm

windows7-x64

10

5d3acc355d...8.docm

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5d3acc355d87a38d92482e1ee49410fa_JaffaCakes118

  • Size

    33KB

  • Sample

    240520-fbav4acb22

  • MD5

    5d3acc355d87a38d92482e1ee49410fa

  • SHA1

    3054b9fe8319a5e664b32c25816f14d4da57d73d

  • SHA256

    05afe11cac46b845e56a4e97ae5d6ecd674875ff02a22dce4c9f73c210a3f561

  • SHA512

    d37abfc56122ac572dd6155e7d31133c625264ed4af668b71dcf5887d6f5c18a40d62de37c42210beb923eb83a06d1d26ca7c97c1f3780680e7a6aa2676392dc

  • SSDEEP

    384:Hlj0ZDwPSDUdJFufogE8Nxt/ZtNN7icDmnC+JWspKYl9vwrLAZHa8fGebATSscVx:R0WaDaEwglxllNd3+V9CVeoOcznI

Score
10/10
metasploitbackdoormacrotrojan

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://cloud.hcacorporate.net:443/MUBx

Targets

    • Target

      5d3acc355d87a38d92482e1ee49410fa_JaffaCakes118

    • Size

      33KB

    • MD5

      5d3acc355d87a38d92482e1ee49410fa

    • SHA1

      3054b9fe8319a5e664b32c25816f14d4da57d73d

    • SHA256

      05afe11cac46b845e56a4e97ae5d6ecd674875ff02a22dce4c9f73c210a3f561

    • SHA512

      d37abfc56122ac572dd6155e7d31133c625264ed4af668b71dcf5887d6f5c18a40d62de37c42210beb923eb83a06d1d26ca7c97c1f3780680e7a6aa2676392dc

    • SSDEEP

      384:Hlj0ZDwPSDUdJFufogE8Nxt/ZtNN7icDmnC+JWspKYl9vwrLAZHa8fGebATSscVx:R0WaDaEwglxllNd3+V9CVeoOcznI

    Score
    10/10
    metasploitbackdoortrojan

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

      trojanbackdoormetasploit

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks