metasploit | 61ffa4beb7f207c23c2584827c2c6c94d6e46e209fd47b736d5536adee897348 | Triage

Sharing

General

Target

ff353dc46aaaeb657fc490c0697b2ceb_JaffaCakes118
Size

519KB
Sample

240421-nypa1aae52
MD5

ff353dc46aaaeb657fc490c0697b2ceb
SHA1

7ec9b7f9589f6313d86ed69669b908e4c2b49fd0
SHA256

61ffa4beb7f207c23c2584827c2c6c94d6e46e209fd47b736d5536adee897348
SHA512

c18612e4ccd5c9fc40d3198cb05d900538920f83e13e9d519a906867a9c737027c9700dd6c5495d7574138996fe1380e290ab29521bbfe608534d7864f9d81cf
SSDEEP

12288:aOZBsAJULcGGfNH3YWklUIvrA6Zabs4uybJ2m:QAZJopavbV

Score

10^/10

metasploit backdoor evasion trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  ff353dc46aaaeb657fc490c0697b2ceb_JaffaCakes118
- Size
  
  519KB
- MD5
  
  ff353dc46aaaeb657fc490c0697b2ceb
- SHA1
  
  7ec9b7f9589f6313d86ed69669b908e4c2b49fd0
- SHA256
  
  61ffa4beb7f207c23c2584827c2c6c94d6e46e209fd47b736d5536adee897348
- SHA512
  
  c18612e4ccd5c9fc40d3198cb05d900538920f83e13e9d519a906867a9c737027c9700dd6c5495d7574138996fe1380e290ab29521bbfe608534d7864f9d81cf
- SSDEEP
  
  12288:aOZBsAJULcGGfNH3YWklUIvrA6Zabs4uybJ2m:QAZJopavbV
Score

10^/10

metasploit backdoor evasion trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoorevasiontrojan

behavioral2