metasploit | 2bdc96784e30b4bf76f638c8f1223519_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2bdc96784e30b4bf76f638c8f1223519_JaffaCakes118
Size

15KB
MD5

2bdc96784e30b4bf76f638c8f1223519
SHA1

dc921dc350187ada2e11577f3113cd930c29c37f
SHA256

77132cea1928a30923d03f48ed54ac0b34fe8e910ffe57d09af56e0b45543a1e
SHA512

6f771f97cce463a3e07b6a5235ec9fed66f220128066a7c1a9cfa34fd24a0dc4185cc037eb65baf0233fc5ef5416cf94eaf608d633ad68b373398079be50c5b8
SSDEEP

96:fnYBxbTmBBjkcfrAlhNHc2BywoAJPQYi3K1DntAfdomPdHWsyzUpEw7b:P+bTQBk4Alh9pBpbtQYQK5YouI1UL7b

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

192.168.1.23:443

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2bdc96784e30b4bf76f638c8f1223519_JaffaCakes118

Files

2bdc96784e30b4bf76f638c8f1223519_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b093b9b6223af7f9e72d34d8765aa77f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA

kernel32

CloseHandle
CreateProcessA
ExitProcess
GetThreadContext
ResumeThread
SetThreadContext
VirtualAllocEx
WriteProcessMemory

msvcrt

memset

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 48B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 548B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE