metasploit | 6eade15ad0d8466657d14635517d5bbfe161e19e3133904a828cfdb5bab41e47 | Triage

Submit
Reports

Overview

overview

Static

static

8

28492c4b9e...18.xls

windows7-x64

28492c4b9e...18.xls

windows10-2004-x64

Sharing

General

Target

28492c4b9e930f3481aa0b4bdd83e426_JaffaCakes118
Size

36KB
Sample

240509-ezlrtsdc66
MD5

28492c4b9e930f3481aa0b4bdd83e426
SHA1

8a5be3d55dec71c065cc5aab08468e34005f67cb
SHA256

6eade15ad0d8466657d14635517d5bbfe161e19e3133904a828cfdb5bab41e47
SHA512

46ea4ae081bc7c5026c8123f004fc82846629d216c2e8ccedc87290ef97dce752639676e14fbe897b5ba0fe2535fabc9c7ffc3f39e1efff98c5fc352af2d0b39
SSDEEP

768:bck3hOdsylKlgryzc4bNhZFGzE+cL2knAJiOiC6GNfM+pwqTfxIs:Qk3hOdsylKlgryzc4bNhZFGzE+cL2knt

Score

10^/10

metasploit backdoor macro macro_on_action trojan

Static task

static1

macro macro_on_action

2 signatures

Behavioral task

behavioral1

Sample

28492c4b9e930f3481aa0b4bdd83e426_JaffaCakes118.xls

Resource

win7-20240221-en

metasploit backdoor trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

28492c4b9e930f3481aa0b4bdd83e426_JaffaCakes118.xls

Resource

win10v2004-20240426-en

metasploit backdoor trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

10.196.20.185:4418

Targets

- Target
  
  28492c4b9e930f3481aa0b4bdd83e426_JaffaCakes118
- Size
  
  36KB
- MD5
  
  28492c4b9e930f3481aa0b4bdd83e426
- SHA1
  
  8a5be3d55dec71c065cc5aab08468e34005f67cb
- SHA256
  
  6eade15ad0d8466657d14635517d5bbfe161e19e3133904a828cfdb5bab41e47
- SHA512
  
  46ea4ae081bc7c5026c8123f004fc82846629d216c2e8ccedc87290ef97dce752639676e14fbe897b5ba0fe2535fabc9c7ffc3f39e1efff98c5fc352af2d0b39
- SSDEEP
  
  768:bck3hOdsylKlgryzc4bNhZFGzE+cL2knAJiOiC6GNfM+pwqTfxIs:Qk3hOdsylKlgryzc4bNhZFGzE+cL2knt
Score

10^/10

metasploit backdoor trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Process spawned suspicious child process
  This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

macromacro_on_action

behavioral1

metasploitbackdoortrojan

behavioral2

metasploitbackdoortrojan

© 2018-2024

Terms | Privacy