General

  • Target: JaffaCakes118_6626018fbed6bc365a383a18a88bb760
  • Size: 58KB
  • Sample: 250102-sz6znazkbn
  • MD5: 6626018fbed6bc365a383a18a88bb760
  • SHA1: 191d0d6dd77e33dd45df742fa2f9c28c0740f837
  • SHA256: 33bc7520b5d44606327e9590686517c2de6c3bf9634cb2d6c8cc66b158211183
  • SHA512: cb766841bc704807fee25a3e9a4c2ea9fde6c26a34d24402192cc28835306c757873cb53a24c9c2b2e86243510ec8e7508d24fc2f5b67ac45b6ab80528fbf690
  • SSDEEP: 768:ez+VZ1p/ija+1I2UqBg6Q4sNbEMLF3pQ1d+NDwaTk02fxvIvri:HVZfqamsNbDFZQ1d+N8KkTvIO

Malware Config

Extracted

  • Family: metasploit
  • Version: encoder/shikata_ga_nai

Extracted

  • Family: metasploit
  • Version: windows/shell_reverse_tcp
  • C2: 192.168.25.164:666

Targets

    • Target: JaffaCakes118_6626018fbed6bc365a383a18a88bb760

    • MetaSploit: Detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or a similar tool.
    • Metasploit family
    • Command and Scripting Interpreter: PowerShell: Runs PowerShell with a hidden display window.
