Overview

overview

10

Static

static

3

81d819dea1...18.dll

windows7-x64

1

81d819dea1...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    81d819dea19ee3bb68e4fc270ef6137c_JaffaCakes118

  • Size

    16KB

  • Sample

    240529-zergssha91

  • MD5

    81d819dea19ee3bb68e4fc270ef6137c

  • SHA1

    7e878ab341636f6cd2ef5800979e2c2810dacff0

  • SHA256

    5c1d901f04a966c1b3017696a6541143e1948d2373603b39efaf8d192408b435

  • SHA512

    01673a25cd2acf376636ce9825f83b8c4792d7449985d25ed3ddcbae9451acfcf7e01cf798eb06b334df57c1b190a4c2d2aeb84523fc228492c64dea0f997a9a

  • SSDEEP

    192:5d9slT64N6d7aIbEaS5pqYMYXai9jOXbI+VNJypif7vF6Unb2/VS5shxu:5dRFEaoq7kjILVNJXp6Unb205s

Score
10/10
metasploitbackdoortrojan

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_winhttp

C2

https://1.tcp.cpolar.cn:20784/GzpeqbOPBJcyoTOgbc2pJwb-QePe0oW4h0_9IqjDapTaaAnz-tG_XqBmtRXdGdwpolYMmLYDcD1JqqbjMJ-rnOqoI1k3PzExMmzFdIl6vs7R3_4QKrHEp26utMSXhwBYOu

Targets

    • Target

      81d819dea19ee3bb68e4fc270ef6137c_JaffaCakes118

    • Size

      16KB

    • MD5

      81d819dea19ee3bb68e4fc270ef6137c

    • SHA1

      7e878ab341636f6cd2ef5800979e2c2810dacff0

    • SHA256

      5c1d901f04a966c1b3017696a6541143e1948d2373603b39efaf8d192408b435

    • SHA512

      01673a25cd2acf376636ce9825f83b8c4792d7449985d25ed3ddcbae9451acfcf7e01cf798eb06b334df57c1b190a4c2d2aeb84523fc228492c64dea0f997a9a

    • SSDEEP

      192:5d9slT64N6d7aIbEaS5pqYMYXai9jOXbI+VNJypif7vF6Unb2/VS5shxu:5dRFEaoq7kjILVNJXp6Unb205s

    Score
    10/10
    metasploitbackdoortrojan

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

      trojanbackdoormetasploit

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks