metasploit | 7a5ccbef0a7db83971af93eb550fe0e58543a92bc24f791c13363bc683dc545d | Triage

Submit
Reports

Overview

overview

Static

static

3

f7db238e7c...18.exe

windows7-x64

f7db238e7c...18.exe

windows10-2004-x64

Sharing

General

Target

f7db238e7c083d3cc0b4c482dc6cebea_JaffaCakes118
Size

179KB
Sample

240418-m3fnzsba66
MD5

f7db238e7c083d3cc0b4c482dc6cebea
SHA1

3b7e846bb2d6df654a680fc0a56fc9c0ea2c86a5
SHA256

7a5ccbef0a7db83971af93eb550fe0e58543a92bc24f791c13363bc683dc545d
SHA512

5dbec22963306fd67a8787063ff38b7954934c98d3ff53629e131b67671106b7a9e1807811817408ba990cb70bc0e5e5ca8f077e2c061ebcf80a36b49239c0ad
SSDEEP

3072:btOpuhG58eziMhEqj36FGyKnHbESMb8vND5bDZaHkjSq2:3Qzk4KFGyKnHuwvHbVaH42

Score

10^/10

metasploit backdoor trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f7db238e7c083d3cc0b4c482dc6cebea_JaffaCakes118.exe

Resource

win7-20240221-en

metasploit backdoor trojan upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

f7db238e7c083d3cc0b4c482dc6cebea_JaffaCakes118.exe

Resource

win10v2004-20240226-en

metasploit backdoor trojan upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  f7db238e7c083d3cc0b4c482dc6cebea_JaffaCakes118
- Size
  
  179KB
- MD5
  
  f7db238e7c083d3cc0b4c482dc6cebea
- SHA1
  
  3b7e846bb2d6df654a680fc0a56fc9c0ea2c86a5
- SHA256
  
  7a5ccbef0a7db83971af93eb550fe0e58543a92bc24f791c13363bc683dc545d
- SHA512
  
  5dbec22963306fd67a8787063ff38b7954934c98d3ff53629e131b67671106b7a9e1807811817408ba990cb70bc0e5e5ca8f077e2c061ebcf80a36b49239c0ad
- SSDEEP
  
  3072:btOpuhG58eziMhEqj36FGyKnHbESMb8vND5bDZaHkjSq2:3Qzk4KFGyKnHuwvHbVaH42
Score

10^/10

metasploit backdoor trojan upx
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

metasploitbackdoortrojanupx

behavioral2

metasploitbackdoortrojanupx

© 2018-2024

Terms | Privacy