Overview

overview

10

Static

static

3

JaffaCakes...0a.dll

windows7-x64

10

JaffaCakes...0a.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_0e999a347d3de40fd0b554bb56624e68e0e26e219c970018edfd9f7949cf7a0a

  • Size

    21KB

  • Sample

    241223-p5t1hazpgl

  • MD5

    e87db96cd174302eb50197838cd0e600

  • SHA1

    42a56aeb563dbd3ca10e1b3e5470d2214ddd44de

  • SHA256

    0e999a347d3de40fd0b554bb56624e68e0e26e219c970018edfd9f7949cf7a0a

  • SHA512

    45084a5c9d796465dc9775d1d55d2f232e164a24fb0e5adc601ca4766974ef6c06a0b55e87b85d70bdc0efe38b1095e94e4d73291828c345a3d54766760b1ce4

  • SSDEEP

    384:6ozUso76JPyZV12j5NQY3Jxi181m101q1MhUfZeN1/8SPo/MVT8d:3ho7Cay3J4181m101q+6fWPo

Score
10/10
metasploitbackdoordiscoverytrojan

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://194.15.112.119:443/wp/clients/windows10.0-kb4487020-x64_c24ea4717e559b13e5.cab

Targets

    • Target

      JaffaCakes118_0e999a347d3de40fd0b554bb56624e68e0e26e219c970018edfd9f7949cf7a0a

    • Size

      21KB

    • MD5

      e87db96cd174302eb50197838cd0e600

    • SHA1

      42a56aeb563dbd3ca10e1b3e5470d2214ddd44de

    • SHA256

      0e999a347d3de40fd0b554bb56624e68e0e26e219c970018edfd9f7949cf7a0a

    • SHA512

      45084a5c9d796465dc9775d1d55d2f232e164a24fb0e5adc601ca4766974ef6c06a0b55e87b85d70bdc0efe38b1095e94e4d73291828c345a3d54766760b1ce4

    • SSDEEP

      384:6ozUso76JPyZV12j5NQY3Jxi181m101q1MhUfZeN1/8SPo/MVT8d:3ho7Cay3J4181m101q+6fWPo

    Score
    10/10
    metasploitbackdoordiscoverytrojan

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

      trojanbackdoormetasploit

    • Metasploit family

      metasploit

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks