metasploit | JaffaCakes118_641e07df1671fa7e1f6a24b308a30cdd | Triage

Sharing

General

Target

JaffaCakes118_641e07df1671fa7e1f6a24b308a30cdd
Size

17KB
MD5

641e07df1671fa7e1f6a24b308a30cdd
SHA1

a30f15a44d7c9a58251aed950c8a7db4a138273e
SHA256

aca87fc72e058bcf251f3d44a1347acc6ee0b4903207950f1ca0f63a2a3210ce
SHA512

6fe3dab39e750f404b78e085d3741a0b8c7cec2a09ab515120f8f32aa44398c3278ece31f659e7f4f11ada6ee0d50e7f690c7e5e634aa82c239a61d31f73510f
SSDEEP

192:aYZLA6pmbqrnXCFkSW9WKvYRK3oeyF9+CC4L:5pm4RSW4KwRK4JP+Z8

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

23.22.19.250:80

Signatures

Metasploit family
metasploit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_641e07df1671fa7e1f6a24b308a30cdd

Files

JaffaCakes118_641e07df1671fa7e1f6a24b308a30cdd
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 224B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE