General
-
Target
ef9fa5d9dc48cd4f0c2e1166175970a8_JaffaCakes118
-
Size
459KB
-
Sample
240921-mtgvpaxhqf
-
MD5
ef9fa5d9dc48cd4f0c2e1166175970a8
-
SHA1
3bd3e47bbcba5e25e99ad5f16b59054ee6ba459c
-
SHA256
6ac3ac762de5215b6877ab7c8c2ef412d1ee26dc214a3920fc77b9eb368c411c
-
SHA512
6b61f88be6dd1aff246ce4e25c3d465aef940551e74d6a7bbb80ab326e08c2e675c2fb342830b61a0ed4bd550fb8769b68510c8f44edb3811603fe7dc1c4fcfd
-
SSDEEP
6144:SWqA/eRwp0yN90QEq9Y5+yWFx5EcYkr+0ps0OApyiEkJJnJFg2JO0oNkJHCcttaU:7/eXy90I9Y5xCx+v0OPM9JuL0oNeCc
Static task
static1
Behavioral task
behavioral1
Sample
ef9fa5d9dc48cd4f0c2e1166175970a8_JaffaCakes118.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
ef9fa5d9dc48cd4f0c2e1166175970a8_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
metasploit
windows/shell_reverse_tcp
192.168.0.23:4444
Targets
Target
ef9fa5d9dc48cd4f0c2e1166175970a8_JaffaCakes118
Score
10/10
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-