General

  • Target

    8822b510c7a6084e481376ed48e8e074_JaffaCakes118

  • Size

    4.1MB

  • Sample

    240531-yfph6aba2t

  • MD5

    8822b510c7a6084e481376ed48e8e074

  • SHA1

    c092ff067deeadd5a1b8d9d67df959b45a6dd389

  • SHA256

    551e815844958ea8e208775ebc5fd8e8de97d743e20fe24b63bdbda1414fc98a

  • SHA512

    a538e18a0cdda3f2cc37ec702a1833eae1038cb370d1538d911718e1c5a459aaf377e349670ea069295b71b72dc3bf4a0d60fe601c70554bd52e660826e6cb6d

  • SSDEEP

    98304:p/IfWQ2qr04vMLOMzHZ/R11zg/e0cJcX2UbCS/2wmrh3yj:cWQ2s04Gj1n1zgngo2ohmW

Malware Config

Extracted

  • Family

    metasploit

  • Version

    metasploit_stager

  • C2

    172.16.4.78:4444

Targets

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v13