metasploit | e1dd13adcffb3306d7baea74d54f030b7dccdc51e16398da55ab7a794b11dc43 | Triage

Sharing

General

Target

223e0bac1159b31184a9ccfe6a7c91e9_JaffaCakes118
Size

126KB
Sample

240507-3pr3vshd75
MD5

223e0bac1159b31184a9ccfe6a7c91e9
SHA1

a2b5d13e00ce8063816f1c47cf2c964539f13ea5
SHA256

e1dd13adcffb3306d7baea74d54f030b7dccdc51e16398da55ab7a794b11dc43
SHA512

8d10fd10834e13cdb743e07ed896b8844da0a0ea215035ffc09bbbc26de0b502add030522a50ba233707cb04a89c2cbddf17bee882dfc1a4f341562c8019c686
SSDEEP

3072:K2sMWkzbJh1qZ9QW69hd1MMdxPe9N9uA0hu9TBfcX5XKY64:LbJhs7QW69hd1MMdxPe9N9uA0hu9TBgn

Score

10^/10

metasploit backdoor trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

10.0.2.15:4444

Targets

- Target
  
  223e0bac1159b31184a9ccfe6a7c91e9_JaffaCakes118
- Size
  
  126KB
- MD5
  
  223e0bac1159b31184a9ccfe6a7c91e9
- SHA1
  
  a2b5d13e00ce8063816f1c47cf2c964539f13ea5
- SHA256
  
  e1dd13adcffb3306d7baea74d54f030b7dccdc51e16398da55ab7a794b11dc43
- SHA512
  
  8d10fd10834e13cdb743e07ed896b8844da0a0ea215035ffc09bbbc26de0b502add030522a50ba233707cb04a89c2cbddf17bee882dfc1a4f341562c8019c686
- SSDEEP
  
  3072:K2sMWkzbJh1qZ9QW69hd1MMdxPe9N9uA0hu9TBfcX5XKY64:LbJhs7QW69hd1MMdxPe9N9uA0hu9TBgn
Score

10^/10

metasploit backdoor trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

metasploitbackdoortrojan

behavioral2

metasploitbackdoortrojan