metasploit | b53509b8ac150a97e626255ef30563799eb623677dff85cc0775aaf919f64295 | Triage

Submit
Reports

Overview

overview

Static

static

8

2ce9781cec...18.xls

windows7-x64

2ce9781cec...18.xls

windows10-2004-x64

Sharing

General

Target

2ce9781cec2f025011f227c1b48e0e4b_JaffaCakes118
Size

35KB
Sample

240510-c1apvadh2y
MD5

2ce9781cec2f025011f227c1b48e0e4b
SHA1

9a6b6a23079e1afdcbb45cf0ebb840a62ac0eed9
SHA256

b53509b8ac150a97e626255ef30563799eb623677dff85cc0775aaf919f64295
SHA512

54b1a0cd2e999a1da7d5fc3e3008d34fdfcb9503eae5905cada34fd7f31603c271b914cbc8603f4c34da5ea5ebb4c27b8d8763fbae1cbb182f17e4db4f837acf
SSDEEP

768:ZK1Tgbyw3sz25o16yN9rjXjBCKs2bATlFFdmSSQcG+88S7+pTMV:ZK1Tgbyw3sz25o16yN9rjXjBCKs2ATl1

Score

10^/10

metasploit backdoor macro macro_on_action trojan

Static task

static1

macro macro_on_action

2 signatures

Behavioral task

behavioral1

Sample

2ce9781cec2f025011f227c1b48e0e4b_JaffaCakes118.xls

Resource

win7-20240508-en

metasploit backdoor trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

2ce9781cec2f025011f227c1b48e0e4b_JaffaCakes118.xls

Resource

win10v2004-20240508-en

metasploit backdoor trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_http

C2

http://192.168.100.48:441/epZt6KpNHVkE8QXwX9EXsAw6NTHtiHB3ZMNlDj2auAy4BjiwEXhsiO

Targets

- Target
  
  2ce9781cec2f025011f227c1b48e0e4b_JaffaCakes118
- Size
  
  35KB
- MD5
  
  2ce9781cec2f025011f227c1b48e0e4b
- SHA1
  
  9a6b6a23079e1afdcbb45cf0ebb840a62ac0eed9
- SHA256
  
  b53509b8ac150a97e626255ef30563799eb623677dff85cc0775aaf919f64295
- SHA512
  
  54b1a0cd2e999a1da7d5fc3e3008d34fdfcb9503eae5905cada34fd7f31603c271b914cbc8603f4c34da5ea5ebb4c27b8d8763fbae1cbb182f17e4db4f837acf
- SSDEEP
  
  768:ZK1Tgbyw3sz25o16yN9rjXjBCKs2bATlFFdmSSQcG+88S7+pTMV:ZK1Tgbyw3sz25o16yN9rjXjBCKs2ATl1
Score

10^/10

metasploit backdoor trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Process spawned suspicious child process
  This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

macromacro_on_action

behavioral1

metasploitbackdoortrojan

behavioral2

metasploitbackdoortrojan

© 2018-2024

Terms | Privacy