metasploit | 92e7f06b1114fb53e9fe7257585d3f84_JaffaCakes118 | Triage

Sharing

General

Target

92e7f06b1114fb53e9fe7257585d3f84_JaffaCakes118
Size

3KB
MD5

92e7f06b1114fb53e9fe7257585d3f84
SHA1

ae7e1699c607aa83574108f8274ff8488c4b2cec
SHA256

9b23ac3682a2849fef0df636b8cdff76f09b6edd8241a2a87918a97f7705a928
SHA512

e51460acc7c479b21ff789ede52c460fd93c5e18dff4f477590619608e99a29bc715f15bbaebe70aef1e9fa40ab00080a56015ca2eec184c0c5145daa884a033

Score

10^/10

pdf javascript metasploit

Malware Config

Extracted

Family

metasploit

Version

metasploit_stager

C2

192.168.0.0:5555

Signatures

Metasploit family
metasploit
PDF contains JavaScript
Detects presence of JavaScript in PDF files.
pdf javascript
PDF contains one or more embedded files
Detects presence of embedded files in PDF files.
pdf
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

unpack001/template.pdf

Files

92e7f06b1114fb53e9fe7257585d3f84_JaffaCakes118
.pdf
template.pdf
.exe windows:4 windows x64 arch:x64

b4c6fff030479aa3b12625be67bf4914

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

VirtualAlloc
ExitProcess

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bdst
Size: 1024B - Virtual size: 640B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE