metasploit | 2a2b9c4e86ea708cb5dcf9f2912e6705_JaffaCakes118 | Triage

Sharing

General

Target

2a2b9c4e86ea708cb5dcf9f2912e6705_JaffaCakes118
Size

5KB
MD5

2a2b9c4e86ea708cb5dcf9f2912e6705
SHA1

725bcaa83a31772520386e0c2fffc57f68676068
SHA256

e0273dcc42f7426c64c9f2524d2cb0210c70ca4a2a8f25e5f31e44a1da8086ca
SHA512

973948c148681654b103a784e437f1440c4ca20e77956dd3a7221164527130f183af57816719368d1dfcc8d71131eb186776d264add7e4a2979fa931e64c7d12
SSDEEP

48:qFGFajFK3zSIe7h/TMXhZo+lC56afAfRa:eGFajRJhwo9Up

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_http

C2

http://149.248.6.193:2009/HaD_DhtsZRt31HbVKPE1pwb_9iTx8rtfDNK6yWZphwG1YiYW-Fgnw176VSqa

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2a2b9c4e86ea708cb5dcf9f2912e6705_JaffaCakes118

Files

2a2b9c4e86ea708cb5dcf9f2912e6705_JaffaCakes118
.dll windows:6 windows x86 arch:x86

22647e5b96f2de81d003f25d98d7d2dc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
ExitThread
ResumeThread
CreateProcessA
GetThreadContext
SetThreadContext
VirtualAllocEx
WriteProcessMemory

Sections

.text
Size: 512B - Virtual size: 338B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ