Overview

overview

10

Static

static

7

e42e8d448c...18.exe

windows7-x64

10

e42e8d448c...18.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e42e8d448cbb1418622c4559a8564716_JaffaCakes118

  • Size

    229KB

  • Sample

    240916-g4hbbasflc

  • MD5

    e42e8d448cbb1418622c4559a8564716

  • SHA1

    d82a09b9593931ba3e8dfffd4dc712622092b4ad

  • SHA256

    fa0f3b2977c7ef3d90de0192605a1e629692264ce6fccce8b8ea0c3659e0c8b4

  • SHA512

    c376a72e4d8f2d87c4ce1484a41c8885ee59478a3071bf8aa71bd9438f60476355388c2abec655d1d44c8e998f631a667bfe147f25604b3bfee452d869781013

  • SSDEEP

    6144:N2OFDTwU1Soezc/25ooQkmlA6h80EGMYNAScL7qOzCp9:wCTwU1XWootmdBMDS8jw

Score
10/10
metasploitbackdoordiscoverytrojanupx

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • Target

      e42e8d448cbb1418622c4559a8564716_JaffaCakes118

    • Size

      229KB

    • MD5

      e42e8d448cbb1418622c4559a8564716

    • SHA1

      d82a09b9593931ba3e8dfffd4dc712622092b4ad

    • SHA256

      fa0f3b2977c7ef3d90de0192605a1e629692264ce6fccce8b8ea0c3659e0c8b4

    • SHA512

      c376a72e4d8f2d87c4ce1484a41c8885ee59478a3071bf8aa71bd9438f60476355388c2abec655d1d44c8e998f631a667bfe147f25604b3bfee452d869781013

    • SSDEEP

      6144:N2OFDTwU1Soezc/25ooQkmlA6h80EGMYNAScL7qOzCp9:wCTwU1XWootmdBMDS8jw

    Score
    10/10
    metasploitbackdoordiscoverytrojanupx

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

      trojanbackdoormetasploit

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks