metasploit | e5b614e1b5437eafb376e750140ff518cee18f1c59139c943153de10755ca4cf | Triage

Sharing

General

Target

60f71d95d58df85f846d7b88ed4d4dcc_JaffaCakes118
Size

56KB
Sample

240520-yykb6afc79
MD5

60f71d95d58df85f846d7b88ed4d4dcc
SHA1

69b3d5a43c28fcc65f40829e9f3ab5fac035a295
SHA256

e5b614e1b5437eafb376e750140ff518cee18f1c59139c943153de10755ca4cf
SHA512

077c0c51f4ce683d387edd220409dba5c09341778e0c17b7ffcc04dc6f6cb553f45c58912727c18549e2a17ef8a475f999fbf716e06c82f748d2cfef596832a7
SSDEEP

1536:Kar8eX4sQqe9tS8cp/G/Nyec16ufUN7kF:hr0sQqe9tS8c0A16wtF

Score

10^/10

metasploit backdoor trojan

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://NASDJKNASDJKNJKSDNL.COM:80/html/terces.php?/12345

Targets

- Target
  
  run2.vbs
- Size
  
  261KB
- MD5
  
  a706bd911f5e832cae1626739c28477a
- SHA1
  
  db2a4e98c698ea8f89000d4a22746a0a5eeb37c0
- SHA256
  
  d42989249e63da78fb0dd9fedca355f0a2006b2ab39e63ecfbebf5a2aca8d50d
- SHA512
  
  99eef31b3e4f1f462240647be0717435f492e71bd1bf4ec355d284f9378b2a432a103812c5ad477f1efab52287df6baeeacf83cc48330cade3b9ad246c806539
- SSDEEP
  
  6144:w3G3wiSHA2I+g5N91lSkuhNB/Lq3uqX883Wjq507OJsq8repl+JPUczCsJQf7UVk:w3G3wiSHAx+g5N91l7uX9Ly
Score

10^/10

metasploit backdoor trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoortrojan

behavioral2

metasploitbackdoortrojan