metasploit | 005010be1f9a0bd4cbaabce829c6fe1f13649dfcfd050458d171d6ee2714470a | Triage

Submit
Reports

Overview

overview

Static

static

8

30ca59fd19...18.doc

windows7-x64

30ca59fd19...18.doc

windows10-2004-x64

Sharing

General

Target

30ca59fd19f2ea733110d47eaa28df03_JaffaCakes118
Size

102KB
Sample

240510-ypzeqahg75
MD5

30ca59fd19f2ea733110d47eaa28df03
SHA1

d805e91b13b5b78fe32c4f52df6d181b592456ae
SHA256

005010be1f9a0bd4cbaabce829c6fe1f13649dfcfd050458d171d6ee2714470a
SHA512

37cd95d34e90c7a5ec97ce90e47d50aab99195681be9c5ad483b360addd09b894dc5ca4cc5c9fcc5073ba3f7a3e6f9485ba3879ee5df0e71a6d22d0822b1ce8f
SSDEEP

1536:JrPEy2ZQbVcWzJ8Tapb2KlwfCI3GV2LE5zB8bwfwgGJ+pT:3i85bU7Yr

Score

10^/10

metasploit backdoor macro macro_on_action trojan

Static task

static1

macro macro_on_action

1 signatures

Behavioral task

behavioral1

Sample

30ca59fd19f2ea733110d47eaa28df03_JaffaCakes118.doc

Resource

win7-20240221-en

metasploit backdoor trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

30ca59fd19f2ea733110d47eaa28df03_JaffaCakes118.doc

Resource

win10v2004-20240426-en

metasploit backdoor trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

192.168.7.145:4444

Targets

- Target
  
  30ca59fd19f2ea733110d47eaa28df03_JaffaCakes118
- Size
  
  102KB
- MD5
  
  30ca59fd19f2ea733110d47eaa28df03
- SHA1
  
  d805e91b13b5b78fe32c4f52df6d181b592456ae
- SHA256
  
  005010be1f9a0bd4cbaabce829c6fe1f13649dfcfd050458d171d6ee2714470a
- SHA512
  
  37cd95d34e90c7a5ec97ce90e47d50aab99195681be9c5ad483b360addd09b894dc5ca4cc5c9fcc5073ba3f7a3e6f9485ba3879ee5df0e71a6d22d0822b1ce8f
- SSDEEP
  
  1536:JrPEy2ZQbVcWzJ8Tapb2KlwfCI3GV2LE5zB8bwfwgGJ+pT:3i85bU7Yr
Score

10^/10

metasploit backdoor trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Process spawned suspicious child process
  This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

macromacro_on_action

behavioral1

metasploitbackdoortrojan

behavioral2

metasploitbackdoortrojan

© 2018-2024

Terms | Privacy