General
-
Target
14fcafeb655033e094ad63a2191ad881_JaffaCakes118
-
Size
200KB
-
Sample
240627-g8clmawfqc
-
MD5
14fcafeb655033e094ad63a2191ad881
-
SHA1
561a2fe7ec9c21f4b247e45bf6b385976d760a92
-
SHA256
c0e632c5428dd92d1a687afd98597d48b69728194111ed5eca3c3f84cb68049d
-
SHA512
03f19d3b591d846ec8306d4bfe712f97fed89afffdffb57f0794c20b8c7a3c4c7e14983810e74ad2cc414a040ddb89b679e46f255a4024490ab452bcf76b1f63
-
SSDEEP
3072:6/vGHqJLx6B/CRLdhHo5GWp1icKAArDZz4N9GhbkrNEk1Odcv7jyKCw0PuCo2bc:2WqA/eRwp0yN90QExcv72uC9
Malware Config
Extracted
metasploit
windows/shell_reverse_tcp
192.168.0.107:4444
Targets
-
-
Target
14fcafeb655033e094ad63a2191ad881_JaffaCakes118
-
Size
200KB
-
MD5
14fcafeb655033e094ad63a2191ad881
-
SHA1
561a2fe7ec9c21f4b247e45bf6b385976d760a92
-
SHA256
c0e632c5428dd92d1a687afd98597d48b69728194111ed5eca3c3f84cb68049d
-
SHA512
03f19d3b591d846ec8306d4bfe712f97fed89afffdffb57f0794c20b8c7a3c4c7e14983810e74ad2cc414a040ddb89b679e46f255a4024490ab452bcf76b1f63
-
SSDEEP
3072:6/vGHqJLx6B/CRLdhHo5GWp1icKAArDZz4N9GhbkrNEk1Odcv7jyKCw0PuCo2bc:2WqA/eRwp0yN90QExcv72uC9
Score10/10-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-