General

  • Target

    1902d0a6838dc4e72eabefc0a6999ba0_JaffaCakes118

  • Size

    47KB

  • Sample

    240628-ghwa2sxamm

  • MD5

    1902d0a6838dc4e72eabefc0a6999ba0

  • SHA1

    1fc1446d7d6a1db386cae0b8d899a65a34001e52

  • SHA256

    9a6be7efd8c050162b5e586f82b36323b8438e65858653f3eac32001b0b96d83

  • SHA512

    1427a44c4d03e3856bd72ae9b1983192d84329bc65404178e0806464e8ec479ae8b94ba6c73cd8da4e1a76c664e0dd4df004c2f9d555decb6715a2051caeeb41

  • SSDEEP

    768:IjHjYaGVR5pJbD8GFs+215p3SyqoZoo58c6VO4cESxUQ8sIC+JB4jRPkK4JY4uq3:IrMnZpB8GFs+217iloCRLfUUsS/wPJfI

Malware Config

Extracted

  • Family

    metasploit

  • Version

    windows/shell_reverse_tcp

  • C2

    192.168.1.102:31337

Extracted

  • Family

    metasploit

  • Version

    encoder/shikata_ga_nai

Targets

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
