Overview

overview

10

Static

static

10

96df70b5ea...18.exe

windows7-x64

10

96df70b5ea...18.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    96df70b5eab5afbd0c4f80d9c58e3567_JaffaCakes118

  • Size

    339KB

  • Sample

    240814-vdcvsssgnc

  • MD5

    96df70b5eab5afbd0c4f80d9c58e3567

  • SHA1

    f91c4e9e308545f0580d37f801437f0157dcb110

  • SHA256

    36700aa8cd9d7740201f12f90f6335942ac5ec7ef3abef91d0e1125a1b9deb77

  • SHA512

    038291cfd1d3fdc49d67b9097862f9a9625a7082eca30850a6c004f9fa11bcd1f0370e8033c3da4f35da2345ceb66980678bc8fad293388c31bf3020fc807463

  • SSDEEP

    6144:vWwgsk6J6MbyZgdGr78Ez4Mp1gdpk7NG0bGbld0aBr8HHBNZv1jz15eLV6:vWwgsk6Ywyrf8Ez4Ums7zbGbld0EAR17

Score
10/10
metasploitbackdoordiscoverytrojanupx

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

172.16.1.25:80

Targets

    • Target

      96df70b5eab5afbd0c4f80d9c58e3567_JaffaCakes118

    • Size

      339KB

    • MD5

      96df70b5eab5afbd0c4f80d9c58e3567

    • SHA1

      f91c4e9e308545f0580d37f801437f0157dcb110

    • SHA256

      36700aa8cd9d7740201f12f90f6335942ac5ec7ef3abef91d0e1125a1b9deb77

    • SHA512

      038291cfd1d3fdc49d67b9097862f9a9625a7082eca30850a6c004f9fa11bcd1f0370e8033c3da4f35da2345ceb66980678bc8fad293388c31bf3020fc807463

    • SSDEEP

      6144:vWwgsk6J6MbyZgdGr78Ez4Mp1gdpk7NG0bGbld0aBr8HHBNZv1jz15eLV6:vWwgsk6Ywyrf8Ez4Ums7zbGbld0EAR17

    Score
    10/10
    metasploitbackdoordiscoverytrojanupx

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

      trojanbackdoormetasploit

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks