metasploit

General

Target

f24d37cbcc9a905355c0a138e503c973_JaffaCakes118
Size

1.1MB
Sample

240416-a4twsaef7x
MD5

f24d37cbcc9a905355c0a138e503c973
SHA1

b591e5e2fdd63e69ffc84477759580890d3d7ca0
SHA256

e4d087a8ec791924aa5721321491b27aa148878811be8ed1685342e2dd07f7d4
SHA512

5eec80440036c2da47a4fd8f6756b29673f49f51072ba611fc0bd23b76f9b7809c3861aef4f981ddb025064d30008c4a696cb16869f4f5c826194def1b6e5dbf
SSDEEP

12288:Hpb/ir7hhARq3/T4GHQSRvJ/ulYPCz+HavEwEQFrN:Ht/ir7bAK/ZFMlY8+HN9w

Score

10^/10

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Targets

- Target
  
  f24d37cbcc9a905355c0a138e503c973_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  f24d37cbcc9a905355c0a138e503c973
- SHA1
  
  b591e5e2fdd63e69ffc84477759580890d3d7ca0
- SHA256
  
  e4d087a8ec791924aa5721321491b27aa148878811be8ed1685342e2dd07f7d4
- SHA512
  
  5eec80440036c2da47a4fd8f6756b29673f49f51072ba611fc0bd23b76f9b7809c3861aef4f981ddb025064d30008c4a696cb16869f4f5c826194def1b6e5dbf
- SSDEEP
  
  12288:Hpb/ir7hhARq3/T4GHQSRvJ/ulYPCz+HavEwEQFrN:Ht/ir7bAK/ZFMlY8+HN9w
Score

10^/10

metasploit backdoor evasion themida trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1

T1497

Credential Access

Discovery

Query Registry

1

T1012

Virtualization/Sandbox Evasion

1

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Executes dropped EXE

Identifies Wine through registry keys

Loads dropped DLL

Themida packer

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2