General

  • Target

    JaffaCakes118_73682de66ad607e0b8ec594d0e89153150a1614060477fc126007ab22cfd3b53

  • Size

    1.0MB

  • Sample

    241224-l2haravjcy

  • MD5

    fc7ed9a4044f8738f0263e779672da4f

  • SHA1

    5b722a4b7328a22a8be97901aebfd30e325267cb

  • SHA256

    73682de66ad607e0b8ec594d0e89153150a1614060477fc126007ab22cfd3b53

  • SHA512

    f24800af2ce5eabda2b7cfa9ad1ecdbb2e2805a73b1d196154bcb03409b0f91027419e123e868b0ae1aef12b454babe66110d13760f07ebde07eb7e4dbe0f6be

  • SSDEEP

    24576:lOJnEBOkjLnDzvqN7QKjNYE5pIHRYkGZxmkAqR8VY8t35WWWU1wbr51:lO58Pvq/pYdYkG2qR+3hWUqP

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://42.56.76.11:80/apich/_utf.gif?id=18721

Attributes
  • headers

    Host: ctg.com.cn
    Cookie: QiHooGUID=C9FA6432AF75.1573373412127;
    User-Agent: Mozilla/5.0 (Linux; Android 4.1.1; Nexus 7 Build/JRO03D) AppleWebKit/535.19 (KHTML, like Gecko)
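The extracted config above is enough to write a network-side check: the stager fetches a fixed URL by IP, sends a decoy Host header that does not match the socket peer, carries a fixed QiHooGUID cookie, and borrows an Android User-Agent although it runs on Windows. The script below is an added example, not part of the sandbox report; it matches those indicators against proxy log lines. The key="value" log format, the field names (src_ip, url, host, cookie, ua) and the Windows-host inventory are assumptions, and the three log lines are constructed for illustration. The last two checks are heuristics that generalise beyond this sample to other HTTP stagers with a hard-coded IP and a spoofed Host header.

```python
"""Match the extracted windows/download_exec beacon against proxy logs.

Added example; not code from the sandbox report. Log format, field names
and the host inventory are assumptions of this example.
"""
from __future__ import annotations

import ipaddress
import re
from urllib.parse import urlsplit

# Indicators copied from the extracted config on this page.
C2_URL = "http://42.56.76.11:80/apich/_utf.gif?id=18721"
C2_HOST_HEADER = "ctg.com.cn"
C2_COOKIE_PREFIX = "QiHooGUID="
C2_UA = ("Mozilla/5.0 (Linux; Android 4.1.1; Nexus 7 Build/JRO03D) "
         "AppleWebKit/535.19 (KHTML, like Gecko)")

_c2 = urlsplit(C2_URL)
C2_IP, C2_PORT, C2_PATH = _c2.hostname, _c2.port or 80, _c2.path

# Assumed proxy log format: space-separated key="value" pairs, one request per line.
_KV = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line: str) -> dict[str, str]:
    return dict(_KV.findall(line))


def _is_ip_literal(name: str) -> bool:
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False


def indicators(rec: dict[str, str], windows_hosts: set[str]) -> list[str]:
    """Return the indicators one request record matches.

    The first five are exact IOC matches against the extracted config; the
    last two are heuristics that also catch other stagers of the same shape.
    """
    hits: list[str] = []
    url = urlsplit(rec.get("url", ""))
    host_hdr = rec.get("host", "")
    ua = rec.get("ua", "")
    cookie = rec.get("cookie", "")

    if url.hostname == C2_IP and (url.port or 80) == C2_PORT:
        hits.append("c2_ip_port")
    if url.path == C2_PATH:
        hits.append("c2_path")
    if host_hdr == C2_HOST_HEADER:
        hits.append("c2_host_header")
    if cookie.startswith(C2_COOKIE_PREFIX):
        hits.append("c2_cookie")
    if ua == C2_UA:
        hits.append("c2_user_agent")

    # Heuristic 1: the request line targets an IP literal while the Host
    # header names a domain. Browsers do not do this; a stager with a
    # hard-coded IP and a decoy Host header does.
    if url.hostname and _is_ip_literal(url.hostname) and host_hdr and host_hdr != url.hostname:
        hits.append("host_header_ip_mismatch")
    # Heuristic 2: an Android User-Agent from a machine the (assumed)
    # asset inventory lists as Windows.
    if "Android" in ua and rec.get("src_ip") in windows_hosts:
        hits.append("mobile_ua_from_windows_host")
    return hits


def triage(log_lines, windows_hosts):
    """Map each matching line number (1-based) to its indicator list."""
    out = {}
    for n, line in enumerate(log_lines, 1):
        hits = indicators(parse_line(line), windows_hosts)
        if hits:
            out[n] = hits
    return out


# Constructed sample log: line 1 has the beacon shape described by the
# config, line 2 is an ordinary browser request, line 3 reaches the same IP
# but without the decoy headers.
SAMPLE_LOG = [
    'src_ip="10.0.0.5" url="http://42.56.76.11:80/apich/_utf.gif?id=18721" host="ctg.com.cn" '
    'cookie="QiHooGUID=C9FA6432AF75.1573373412127" '
    'ua="Mozilla/5.0 (Linux; Android 4.1.1; Nexus 7 Build/JRO03D) AppleWebKit/535.19 (KHTML, like Gecko)"',
    'src_ip="10.0.0.5" url="http://www.example.com/index.html" host="www.example.com" cookie="" '
    'ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/120.0"',
    'src_ip="10.0.0.9" url="http://42.56.76.11/robots.txt" host="42.56.76.11" cookie="" ua="curl/8.4.0"',
]
WINDOWS_HOSTS = {"10.0.0.5", "10.0.0.9"}  # assumed inventory

if __name__ == "__main__":
    for n, hits in triage(SAMPLE_LOG, WINDOWS_HOSTS).items():
        print(n, hits)
```

Line 3 only scores on the IP, which is the expected behaviour: an address alone is a weak indicator once the operator re-points the domain, while the Host/IP mismatch and the mobile User-Agent survive a change of infrastructure.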

Targets

    • Target

      һ֪ͨ/list1.jpg

    • Size

      182KB

    • MD5

      d9bb1ad1f263e39264dce8526fb3e66b

    • SHA1

      a6c36f6da12e5e5be5605e8bcaf95747e8a9f90a

    • SHA256

      247945274f09db00ff4469eb1c894bc9579865ec6f76ed207939a5cbc6234b13

    • SHA512

      52b800494457cfa12682e72a6ceeca1b8d53a3685897cd5c8303ea4cb95dfdba8fb94125ce3567a64d11758699f3533d0ab1bce8e7d1a05a0a84f5f1a7354c84

    • SSDEEP

      3072:jOsrwp/YjykBAkuzbqYjapVqwm4CCFjsXN9/LxF3HHGcP9C2U:Cs0p/6BajmUPCWPv3HrI

    Score
    3/10
    • Target

      һ֪ͨ/list2.jpg

    • Size

      116KB

    • MD5

      06e60749571b8931d0efe14a82292196

    • SHA1

      89ff4c1f7e74e26f7d450cb8ba28f98408bfd406

    • SHA256

      2fb8481ad30175b1a86224e9eda413a8a854f044a8a83c08fc8e05e143a0d9c8

    • SHA512

      101f9836758d514761758ea072997c39ccb9a3c260fdf8562dba4959ec35aeaf189999fafbfd91fd86d5be484af1ce3e63b890fddbaef66364186ad19ac5a57d

    • SSDEEP

      1536:IagfckRO5auAH4sLNjG5JFelUkM1d8fbQcA49OiMQd+dhosW5GcdCMc3IdM1IOgN:EOfU4F5He7M1dsU3iMpdinCMYId7ak

    Score
    3/10
    • Target

      һ֪ͨ/list3.jpg

    • Size

      177KB

    • MD5

      e6879ea2d9819ec65acca8733725b02b

    • SHA1

      fb3366220304a3a046ff4036f76f533bb4ab757a

    • SHA256

      786773e8633643ee68da5ecbb559b8dda6505b3290a3875a1dcef6ddb873e5fa

    • SHA512

      9050922eab7fe05b1476252aba8e841a519d39446bd59ae67184463151e36d156ddb81fc354d6aa36dedcb395016b0d81b299c78d604ae0405eafecdacef35d3

    • SSDEEP

      3072:A1RctNPecymFXIFVuiCfdJ63nD6vNpNu2Hx0G8dLfJN/xAg0FujtuSta+01UOxcH:AmNGhmJIF4imPK6lTu2HePrAOwR/1UOO

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Metasploit family

    • Blocklisted process makes network request

    • Target

      һ֪ͨ/һ֪ͨ.exe

    • Size

      2.1MB

    • MD5

      6d41ec7580f5a61cce0b324488167833

    • SHA1

      4ed600b0f470c86094793360376b2a9e556b519e

    • SHA256

      5273fbd5d1271be01021a83ed3f832738dd5ee20401b0e24aaa3da882e8f3058

    • SHA512

      25ca11e10f8a96c85bf3eadf082f576a023fe9126b417b18c0dd8241137933b51437c00f76f3e14db1f61f2103112394daf7733e9d2cb5c21c72591ee8bdf3b4

    • SSDEEP

      24576:KO3gFc/j41MbKbkCSA6LqZsE31n8vdPRN3e6tTQ775:3gUINbkCSA6LqGE3187NuZ775

    Score
    1/10
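The list3.jpg entry above is flagged as a Metasploit payload even though it carries an image extension, and the report does not say whether the file is a real picture with shellcode appended or shellcode named .jpg. The script below is an added example, not part of the report, that answers that question for a file: it walks the JPEG marker structure to find the real end of the image, reports how many bytes trail the EOI marker, and scans for the block_api prologue that msfvenom's classic x86 Windows payloads start with (cld; call; pushad; mov ebp,esp; xor eax,eax; mov edx,fs:[eax+0x30]). The three sample buffers are constructed for illustration; none of them are bytes from the files on this page. Absence of the prologue proves nothing (encoded or x64 payloads look different), but trailing data after a well-formed EOI is suspicious on its own.

```python
"""Triage an image-named file for appended or raw Metasploit shellcode.

Added example; not code from the sandbox report. Sample buffers are
constructed; the prologue pattern is the well-known msfvenom x86 block_api
start, matched with a wildcard for the call displacement.
"""
import re
import struct

SOI, EOI, SOS = 0xD8, 0xD9, 0xDA

# cld; call rel32; pushad; mov ebp,esp; xor eax,eax; mov edx,[fs:eax+0x30]
MSF_BLOCK_API = re.compile(
    rb"\xfc\xe8.\x00\x00\x00\x60\x89\xe5\x31\xc0\x64\x8b\x50\x30", re.DOTALL
)


def jpeg_payload_end(buf: bytes):
    """Offset just past the EOI marker of a structurally valid JPEG, else None."""
    n = len(buf)
    if n < 4 or buf[0] != 0xFF or buf[1] != SOI:
        return None
    i = 2
    while i + 2 <= n:
        if buf[i] != 0xFF:
            return None
        marker = buf[i + 1]
        if marker == 0xFF:                 # fill byte before a marker
            i += 1
            continue
        if marker == EOI:
            return i + 2
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:   # TEM / RSTn: no length
            i += 2
            continue
        if i + 4 > n:
            return None
        seglen = struct.unpack(">H", buf[i + 2:i + 4])[0]
        if seglen < 2 or i + 2 + seglen > n:
            return None
        i += 2 + seglen
        if marker == SOS:
            # Entropy-coded data: skip until a marker that is not FF00 (stuffed
            # byte) or an RSTn restart marker; the outer loop then parses it.
            while i + 1 < n:
                if buf[i] == 0xFF and buf[i + 1] != 0x00 and not (0xD0 <= buf[i + 1] <= 0xD7):
                    break
                i += 1
    return None


def triage_image(buf: bytes) -> dict:
    end = jpeg_payload_end(buf)
    m = MSF_BLOCK_API.search(buf)
    return {
        "valid_jpeg": end is not None,
        "trailing_bytes": (len(buf) - end) if end is not None else len(buf),
        "msf_block_api_at": m.start() if m else None,
    }


# Constructed samples. MINIMAL_JPEG: SOI, APP0/JFIF, SOS with a stuffed FF00
# inside the entropy data, EOI (37 bytes). The prologue bytes are the block_api
# start quoted above, followed by filler; they are not taken from list3.jpg.
MINIMAL_JPEG = (
    b"\xff\xd8"
    + b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    + b"\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00"
    + b"\xab\xff\x00\xcd\x12"
    + b"\xff\xd9"
)
BLOCK_API_PROLOGUE = b"\xfc\xe8\x82\x00\x00\x00\x60\x89\xe5\x31\xc0\x64\x8b\x50\x30"
SAMPLE_CLEAN = MINIMAL_JPEG
SAMPLE_APPENDED = MINIMAL_JPEG + b"\x90" * 8 + BLOCK_API_PROLOGUE + b"\x00" * 16
SAMPLE_RAW = BLOCK_API_PROLOGUE + b"\x00" * 32

if __name__ == "__main__":
    for name, buf in [("clean", SAMPLE_CLEAN), ("appended", SAMPLE_APPENDED), ("raw", SAMPLE_RAW)]:
        print(name, triage_image(buf))
```

Run it against the three list*.jpg files as extracted from the archive; a valid JPEG with zero trailing bytes and no prologue hit is consistent with a benign decoy, while either a non-JPEG or a large trailer is what the Metasploit signature on list3.jpg would predict.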

MITRE ATT&CK Enterprise v15
