metasploit | 2d4279f3748fc758f119cf47569918c3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2d4279f3748fc758f119cf47569918c3_JaffaCakes118
Size

15KB
MD5

2d4279f3748fc758f119cf47569918c3
SHA1

0cdede037ad36400241539935d77a77892e98d7b
SHA256

d64679221843e844e5284ff99ce312e5231ddbe2c9b2ee093f8eb1260251e9c5
SHA512

2f4032c8304586242d3fb1fb2e24932500854c5682d1dca76e2e7659becd9238dae7681b69b74da88e8498e24538a0d8c30b32f7c96d0a734d9012ea4717bb40
SSDEEP

96:XnYBxbTmBBjkcfrAlhNHc2BywoAJPQYi3K1DntAfdomPdHWsyzUpBw7b:X+bTQBk4Alh9pBpbtQYQK5YouI1U47b

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

192.168.245.51:17043

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2d4279f3748fc758f119cf47569918c3_JaffaCakes118

Files

2d4279f3748fc758f119cf47569918c3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b093b9b6223af7f9e72d34d8765aa77f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA

kernel32

CloseHandle
CreateProcessA
ExitProcess
GetThreadContext
ResumeThread
SetThreadContext
VirtualAllocEx
WriteProcessMemory

msvcrt

memset

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 48B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 548B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE