metasploit | bef2de6fa507a1bb512b22267c25b9ab_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bef2de6fa507a1bb512b22267c25b9ab_JaffaCakes118
Size

15KB
MD5

bef2de6fa507a1bb512b22267c25b9ab
SHA1

3b436906c734e4355a1000a9cf2fe5e4571a995d
SHA256

2b782c03c366e6f8c73441cdf6781fd6040e5dcda23c643d90c7b5b85aaf1c4e
SHA512

8696baa26db0704e18876b487c21fe4930ec1704e03d0c0d3da556dd042f915dabb41e692b34839be0db3e3970a2b8d3d1b8c022bfafe10685b61ec21df7bd41
SSDEEP

192:4THaR0JZr3yIM3/hZb3DpIXkjyFoqcGDH:90JZrCIMPTbV/eaqhz

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

10.1.1.25:5001

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bef2de6fa507a1bb512b22267c25b9ab_JaffaCakes118

Files

bef2de6fa507a1bb512b22267c25b9ab_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6a31d7c86721fcac2504991ac044551a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AddAtomA
ExitProcess
FindAtomA
GetAtomNameA
SetUnhandledExceptionFilter

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_iob
_onexit
_setmode
abort
atexit
fflush
fprintf
free
getchar
malloc
signal

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 176B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 660B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE