Overview

overview

10

Static

static

3

fa18603301...18.exe

windows7-x64

10

fa18603301...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fa18603301954d03d73c69efb76b59fd_JaffaCakes118

  • Size

    52KB

  • Sample

    240419-melkbsgg4t

  • MD5

    fa18603301954d03d73c69efb76b59fd

  • SHA1

    5850b0506e9446e7ef8ed32015d25e7540eddb58

  • SHA256

    4c655f9708839ca495b6fd86c06bb2d6cb76349deb2fc007d495066695481513

  • SHA512

    5b9f12afe9ef0a174e8113ac4294cb253619c416df7cfb9b2b8aa8ff1ae6d49cc41722963c8c775b1b53d2fa60095e0d9ff9a34cd2c4c1074452e2b24dceca5c

  • SSDEEP

    768:3tELoAseEpiW6fv9C9gk/XUZ/PlvLD4fzlUS2POd6DjyWzLojoIBvfbUs:3819yiWsv49Nu/Pteld2PWajXgcKos

Score
10/10
metasploitbackdoorpersistencetrojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • Target

      fa18603301954d03d73c69efb76b59fd_JaffaCakes118

    • Size

      52KB

    • MD5

      fa18603301954d03d73c69efb76b59fd

    • SHA1

      5850b0506e9446e7ef8ed32015d25e7540eddb58

    • SHA256

      4c655f9708839ca495b6fd86c06bb2d6cb76349deb2fc007d495066695481513

    • SHA512

      5b9f12afe9ef0a174e8113ac4294cb253619c416df7cfb9b2b8aa8ff1ae6d49cc41722963c8c775b1b53d2fa60095e0d9ff9a34cd2c4c1074452e2b24dceca5c

    • SSDEEP

      768:3tELoAseEpiW6fv9C9gk/XUZ/PlvLD4fzlUS2POd6DjyWzLojoIBvfbUs:3819yiWsv49Nu/Pteld2PWajXgcKos

    Score
    10/10
    metasploitbackdoorpersistencetrojan

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

      trojanbackdoormetasploit

    • Adds policy Run key to start application

      persistence

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks