Malware Analysis Report

2024-09-23 03:50

Sample ID 240527-yggvpsgh34
Target 7a4c58e7c35c618b356fb189a96d3538_JaffaCakes118
SHA256 503d40a2448407918c3433c53939bc5c6dc72c0d316c71a1c88655288ec69249
Tags
metasploit backdoor trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

503d40a2448407918c3433c53939bc5c6dc72c0d316c71a1c88655288ec69249

Threat Level: Known bad

The file 7a4c58e7c35c618b356fb189a96d3538_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

metasploit backdoor trojan

MetaSploit

Writes file to tmp directory

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-27 19:45

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-27 19:45

Reported

2024-05-27 19:47

Platform

debian9-armhf-20240226-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-27 19:45

Reported

2024-05-27 19:45

Platform

debian9-mipsbe-20240418-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-27 19:45

Reported

2024-05-27 19:45

Platform

debian9-mipsel-20240418-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-27 19:45

Reported

2024-05-27 19:47

Platform

ubuntu1804-amd64-20240508-en

Max time kernel

0s

Max time network

131s

Command Line

[/tmp/7a4c58e7c35c618b356fb189a96d3538_JaffaCakes118]

Signatures

MetaSploit

trojan backdoor metasploit

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/poc.pls /tmp/7a4c58e7c35c618b356fb189a96d3538_JaffaCakes118 N/A

Processes

/tmp/7a4c58e7c35c618b356fb189a96d3538_JaffaCakes118

[/tmp/7a4c58e7c35c618b356fb189a96d3538_JaffaCakes118]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 185.125.188.61:443 tcp
GB 185.125.188.61:443 tcp
US 151.101.129.91:443 tcp
US 151.101.129.91:443 tcp
GB 195.181.164.14:443 tcp

Files

/tmp/poc.pls

MD5 8da102fa734bf308aca8ad208b632fc1
SHA1 080b14016b7d410dd6da9aee78a92d249e908ecb
SHA256 be3dce2c366ec30d88c37a9d9033d62a60bfdd2fb092208c78ecf504918fa61a
SHA512 9e83277403012edc0e8b1261f9126634b154eb0683af0d18f207a0a940d23f1dd3e400fb2db236c7d6ff4219dffc01f7e0b6c7264032f281f11d1243ee057399