metasploit | ff46c12456ecb9d60a0e3a3f1504d800471dc06c002287f36e41e03ad7d7ac70 | Triage

Sharing

General

Target

fc6bcd2d90675df3765fadb40c322c2c_JaffaCakes118
Size

15KB
Sample

240420-k8f6ladc56
MD5

fc6bcd2d90675df3765fadb40c322c2c
SHA1

26f512df0afb819c8998a1a689c8d4714a825ff0
SHA256

ff46c12456ecb9d60a0e3a3f1504d800471dc06c002287f36e41e03ad7d7ac70
SHA512

b2569f7a6c5997d6222be3468aec53c8a4951e4648d5ceb25d70996fe33faf3d2a8ca8c490159764517e5d85f9aac09a048e3589566688e1e5ea1487a426196e
SSDEEP

192:I8PW8guKnghi2BR8k5PF+nbGG2dqsF7cXlNIFHWMzzwBTjfcor5lzsIWrXOLVWU4:JW84nglBRBl6bG584HUFLcWZs7C9RTS

Score

10^/10

metasploit backdoor trojan

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp_dns

C2

mclean-43290.portmap.host:60886

Targets

- Target
  
  fc6bcd2d90675df3765fadb40c322c2c_JaffaCakes118
- Size
  
  15KB
- MD5
  
  fc6bcd2d90675df3765fadb40c322c2c
- SHA1
  
  26f512df0afb819c8998a1a689c8d4714a825ff0
- SHA256
  
  ff46c12456ecb9d60a0e3a3f1504d800471dc06c002287f36e41e03ad7d7ac70
- SHA512
  
  b2569f7a6c5997d6222be3468aec53c8a4951e4648d5ceb25d70996fe33faf3d2a8ca8c490159764517e5d85f9aac09a048e3589566688e1e5ea1487a426196e
- SSDEEP
  
  192:I8PW8guKnghi2BR8k5PF+nbGG2dqsF7cXlNIFHWMzzwBTjfcor5lzsIWrXOLVWU4:JW84nglBRBl6bG584HUFLcWZs7C9RTS
Score

10^/10

metasploit backdoor trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

metasploitbackdoortrojan

behavioral2

metasploitbackdoortrojan