metasploit | JaffaCakes118_ff0075614aef2139ef9905f517576f5743493353df7ad701d2968e5d67417581 | Triage

Sharing

General

Target

JaffaCakes118_ff0075614aef2139ef9905f517576f5743493353df7ad701d2968e5d67417581
Size

5KB
MD5

cc1600c84b37e8aaa18e646467b10067
SHA1

7759a056d5f60a31dc44bff38e671025e4b818f6
SHA256

ff0075614aef2139ef9905f517576f5743493353df7ad701d2968e5d67417581
SHA512

9eb30f08ec7b16707f285f4b7757e340511e2b7cff5ef192fdb9fd589f2215a3f9153a5481c71894d634c6ef9e21a6365a490a33b4736bd7ef8248cc96ba4f20
SSDEEP

24:ev1GSFGFajE/K3tQ3zSaJ2IkM6Pv617s3h/LjpKpuMA61hIAJu:qFGFajFK3zSIe7h/TMp1xJu

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

3.130.209.29:17251

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_ff0075614aef2139ef9905f517576f5743493353df7ad701d2968e5d67417581

Files

JaffaCakes118_ff0075614aef2139ef9905f517576f5743493353df7ad701d2968e5d67417581
.dll windows:6 windows x86 arch:x86

22647e5b96f2de81d003f25d98d7d2dc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
ExitThread
ResumeThread
CreateProcessA
GetThreadContext
SetThreadContext
VirtualAllocEx
WriteProcessMemory

Sections

.text
Size: 512B - Virtual size: 338B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ