Behavioral task behavioral1
- Sample: f20a7ae8b69ecf1b815a60ba0194fa6e_JaffaCakes118.exe
- Resource: win7-20240903-en

Behavioral task behavioral2
- Sample: f20a7ae8b69ecf1b815a60ba0194fa6e_JaffaCakes118.exe
- Resource: win10v2004-20240802-en
General
- Target: f20a7ae8b69ecf1b815a60ba0194fa6e_JaffaCakes118
- Size: 48KB
- MD5: f20a7ae8b69ecf1b815a60ba0194fa6e
- SHA1: 1e973af2bb6f352b9d124983a7e097cd7f69eab8
- SHA256: 28205c880c248e83bd3f1192fb118fb26c5f734b5a980566c3e3165d4aa69ff0
- SHA512: 4fa179192c484df22e8cfd4c626faf89781eff0d4ff9fb9a9c66c9f7ffbfb810dda0b26c0bdc69d68aaa4bd6f7941ef9fb1d5b34134dc1fcfce24faf9d518977
- SSDEEP: 768:riOWDYPSCLyfS3gHWHocT9wuH5n/SMeIiolx4wle3:48KCLyfT2HXFaMeNok
Malware Config
- Extracted (metasploit): encoder/shikata_ga_nai
- Extracted (metasploit): windows/shell_reverse_tcp, 192.168.0.136:4444
Signatures
- Metasploit family
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource f20a7ae8b69ecf1b815a60ba0194fa6e_JaffaCakes118
Files
- f20a7ae8b69ecf1b815a60ba0194fa6e_JaffaCakes118.exe (windows:4 windows x86 arch:x86)
  9359d75dc13faf541d7d8c88e04a6f3d

Headers
- File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_DEBUG_STRIPPED
Imports
- kernel32: CloseHandle, SetCommState, GetCommState, SetCommTimeouts, PurgeComm, SetupComm, SetCommMask, CreateEventA, CreateFileA, EscapeCommFunction, GetOverlappedResult, WaitForSingleObject, GetLastError, WriteFile, ResetEvent, ReadFile, ClearCommBreak, Sleep, SetCommBreak, GetTickCount, ExitProcess, TerminateProcess, GetCurrentProcess, SetConsoleCtrlHandler, GetCommandLineA, GetVersion, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, HeapAlloc, UnhandledExceptionFilter, MultiByteToWideChar, GetStringTypeA, GetStringTypeW, GetModuleFileNameA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, HeapDestroy, HeapCreate, VirtualFree, HeapFree, RtlUnwind, VirtualAlloc, HeapReAlloc, FlushFileBuffers, SetFilePointer, LCMapStringA, LCMapStringW, GetCPInfo, GetACP, GetOEMCP, GetProcAddress, LoadLibraryA, SetStdHandle
Sections
- .text (Size: 33KB, Virtual size: 33KB): IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rdata (Size: 2KB, Virtual size: 2KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .data (Size: 12KB, Virtual size: 15KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE