metasploit | 71fa63e9b0d73b239860f3b374825e98_JaffaCakes118 | Triage

Sharing

General

Target

71fa63e9b0d73b239860f3b374825e98_JaffaCakes118
Size

28KB
MD5

71fa63e9b0d73b239860f3b374825e98
SHA1

7709028d4ee905415e45df4d01dc7e3d5037700d
SHA256

5906ea64dde82ba0ddd35ab73c395a67dfef3422fccc074b70731b5063c45c38
SHA512

00878ae73ffd5ee544ee8ee3aa8bce5095801cdfdb7f3df42695cdd2bf99a3d2d36875a14ce505ac12a1e26fa0034c6cbc8e4672e968a36ecd4552a98b73fdc7
SSDEEP

384:rMxqP4Uxy4lMTDLSODqhxQGcnmlJSuy48XgtPHNGPaztpst:QxqJfGDLXqhxjcu24s4ga5Kt

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

172.16.10.1:443

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
71fa63e9b0d73b239860f3b374825e98_JaffaCakes118

Files

71fa63e9b0d73b239860f3b374825e98_JaffaCakes118
.exe windows:4 windows x86 arch:x86

998f66f1e9e3bb99b709788345176018

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
UnmapViewOfFile
HeapFree
HeapAlloc
GetProcessHeap
MapViewOfFile
CreateFileMappingA
GetFileSize
CreateFileA
FlushViewOfFile
SetLastError
GetStringTypeA
LCMapStringW
RtlUnwind
GetCommandLineA
GetVersion
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
HeapReAlloc
GetLastError
FlushFileBuffers
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetFilePointer
SetStdHandle
MultiByteToWideChar
LCMapStringA
GetStringTypeW

dbghelp

ImageNtHeader

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE