Overview

overview

10

Static

static

8

8e97fb9ae6...18.doc

windows7-x64

10

8e97fb9ae6...18.doc

windows10-2004-x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8e97fb9ae61276078d02a0f96796b53e_JaffaCakes118

  • Size

    290KB

  • Sample

    240602-s6tb5sfh3x

  • MD5

    8e97fb9ae61276078d02a0f96796b53e

  • SHA1

    1ef4f6d7a8bf28e855458f55ccbaa322152ffffd

  • SHA256

    aef703b3c0222fae2afdbdf558cfef1aa327c06608d4c583a9c1a6dcaa169c47

  • SHA512

    6fcd0a8680c3836f796bf81e27e9273c648c81dac8c6deac235d259ba648abb03372e615e987c361b33898f17773d9287cf8c1040b15c11bd50e1bc455759e38

  • SSDEEP

    1536:8AFNU2ieWA0KTSclQdhJ7SzvYSD538zR+pek0cSWpXjybt4KK:8AFseWDclQdhYzvDz89K

Score
10/10
metasploitbackdoormacromacro_on_actiontrojan

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://165.22.71.42:80/aU1u

Attributes
  • headers User-Agent: Mozilla/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko

Targets

    • Target

      8e97fb9ae61276078d02a0f96796b53e_JaffaCakes118

    • Size

      290KB

    • MD5

      8e97fb9ae61276078d02a0f96796b53e

    • SHA1

      1ef4f6d7a8bf28e855458f55ccbaa322152ffffd

    • SHA256

      aef703b3c0222fae2afdbdf558cfef1aa327c06608d4c583a9c1a6dcaa169c47

    • SHA512

      6fcd0a8680c3836f796bf81e27e9273c648c81dac8c6deac235d259ba648abb03372e615e987c361b33898f17773d9287cf8c1040b15c11bd50e1bc455759e38

    • SSDEEP

      1536:8AFNU2ieWA0KTSclQdhJ7SzvYSD538zR+pek0cSWpXjybt4KK:8AFseWDclQdhYzvDz89K

    Score
    10/10
    metasploitbackdoortrojan

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

      trojanbackdoormetasploit

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks