Overview

overview

10

Static

static

1

9241d7c5ef...18.ps1

windows7-x64

10

9241d7c5ef...18.ps1

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9241d7c5ef3f6b9fd06a1ec6d0b815b0_JaffaCakes118

  • Size

    2KB

  • Sample

    240603-stfkhsbh76

  • MD5

    9241d7c5ef3f6b9fd06a1ec6d0b815b0

  • SHA1

    5591fb71577f8eab07c8570325bec394e5c399ab

  • SHA256

    a9bf7576baabe4a6c08dcc0b254b87fac4edba205c308b75098582085a983e2a

  • SHA512

    fdc26c534af419bbbf92bb48a3c18eecb6bb4fe3f7c12cb7812c73bd57dab0ace5dbe0dcbd6291112d46a4767e238f277ef4d2a1fb9835ce906fe3ec2c8c9471

Score
10/10
metasploitbackdoorexecutiontrojan

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

193.161.193.99:62731

Targets

    • Target

      9241d7c5ef3f6b9fd06a1ec6d0b815b0_JaffaCakes118

    • Size

      2KB

    • MD5

      9241d7c5ef3f6b9fd06a1ec6d0b815b0

    • SHA1

      5591fb71577f8eab07c8570325bec394e5c399ab

    • SHA256

      a9bf7576baabe4a6c08dcc0b254b87fac4edba205c308b75098582085a983e2a

    • SHA512

      fdc26c534af419bbbf92bb48a3c18eecb6bb4fe3f7c12cb7812c73bd57dab0ace5dbe0dcbd6291112d46a4767e238f277ef4d2a1fb9835ce906fe3ec2c8c9471

    Score
    10/10
    metasploitbackdoorexecutiontrojan

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

      trojanbackdoormetasploit

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks