General
-
Target
d7c146ebd5bffffd702a38bf891196ab_JaffaCakes118
-
Size
50KB
-
Sample
240910-hsayjasfng
-
MD5
d7c146ebd5bffffd702a38bf891196ab
-
SHA1
f717579e1eb878fafe60525564a6dea3ff22922d
-
SHA256
b590489f91ba11b4b304f3282293b932442da2614bf86ebeed08f9e299cb89d3
-
SHA512
4e0bfc56aae13cf28553c4fd500539f1f38892c7ebcbaf898bb88f6f668e1c5b9ab91399d669fa1b011a991e9d68d9334f431712d3c9b92ad18b368e04bf0bc6
-
SSDEEP
768:BDzyqV/kcfpGdqjZQLHmFyOdpuzTZROCQ0VqXJUod3AME/JQ6zlzUtsJ/Blvx:JV/kcfpsgZQLHzGp+ZIFMqXJU4ApTJnZ
Static task
static1
Behavioral task
behavioral1
Sample
d7c146ebd5bffffd702a38bf891196ab_JaffaCakes118.jar
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
d7c146ebd5bffffd702a38bf891196ab_JaffaCakes118.jar
Resource
win10v2004-20240802-en
Malware Config
Extracted
metasploit
encoder/shikata_ga_nai
Extracted
metasploit
windows/shell_reverse_tcp
208.118.237.54:53
Targets
-
-
Target
d7c146ebd5bffffd702a38bf891196ab_JaffaCakes118
-
Score
10/10
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Executes dropped EXE
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-