metasploit | 8b2e5890687ce54f8ed6b9aac54b0cab0b051c724961b0d3ab22d8b4ef8b7c40 | Triage

Sharing

General

Target

f7c288227694f2c5b88d411c576b5213_JaffaCakes118
Size

102KB
Sample

240418-l1w3hshg78
MD5

f7c288227694f2c5b88d411c576b5213
SHA1

08541911d55f1bd8e3981f21fde0378d7c553f51
SHA256

8b2e5890687ce54f8ed6b9aac54b0cab0b051c724961b0d3ab22d8b4ef8b7c40
SHA512

62ee17a6d5e50d2c4649818c626fd3351c85ffc6f8514c8928ca711f8997aa8f0105d2f788f50f30f2db2adf886568d929f13d33f3ce86c014019fd749a4ade3
SSDEEP

3072:LEvW22Z2DdSKp9mGelKwybYFJ8ldPihkGAmGnZE:L1kDdSG9xelZybYJQihkGr

Score

10^/10

metasploit backdoor trojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

127.0.0.1:4444

Targets

- Target
  
  f7c288227694f2c5b88d411c576b5213_JaffaCakes118
- Size
  
  102KB
- MD5
  
  f7c288227694f2c5b88d411c576b5213
- SHA1
  
  08541911d55f1bd8e3981f21fde0378d7c553f51
- SHA256
  
  8b2e5890687ce54f8ed6b9aac54b0cab0b051c724961b0d3ab22d8b4ef8b7c40
- SHA512
  
  62ee17a6d5e50d2c4649818c626fd3351c85ffc6f8514c8928ca711f8997aa8f0105d2f788f50f30f2db2adf886568d929f13d33f3ce86c014019fd749a4ade3
- SSDEEP
  
  3072:LEvW22Z2DdSKp9mGelKwybYFJ8ldPihkGAmGnZE:L1kDdSG9xelZybYJQihkGr
Score

10^/10

metasploit backdoor trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

metasploitbackdoortrojan

behavioral2

metasploitbackdoortrojan