metasploit | 8d17d3a5f3b094938396495331e3dde990d8903736e46318bab7a7af20f9c31d | Triage

Sharing

General

Target

68d9b2bda86ac6ce7dbfd3ee9fd12508_JaffaCakes118
Size

2KB
Sample

240522-2dlk9sbd55
MD5

68d9b2bda86ac6ce7dbfd3ee9fd12508
SHA1

89ecae4065f2f2d7bdd3e910da4bddcd350afbcf
SHA256

8d17d3a5f3b094938396495331e3dde990d8903736e46318bab7a7af20f9c31d
SHA512

b62d41e49a2b87ad9c9fb18a02891833c08499a05099e964a6ba75c2cfffc46369d611462f6b1dec3b93ed17f2c3c015f909127738b773c77770d80a0029e79c

Score

10^/10

metasploit backdoor execution trojan

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://45.77.23.209:8080/jquery-3.3.1.slim.min.js

Attributes

headers Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Host: cdn.bootcss.com Referer: http://cdn.bootcss.com/ Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko

Targets

- Target
  
  68d9b2bda86ac6ce7dbfd3ee9fd12508_JaffaCakes118
- Size
  
  2KB
- MD5
  
  68d9b2bda86ac6ce7dbfd3ee9fd12508
- SHA1
  
  89ecae4065f2f2d7bdd3e910da4bddcd350afbcf
- SHA256
  
  8d17d3a5f3b094938396495331e3dde990d8903736e46318bab7a7af20f9c31d
- SHA512
  
  b62d41e49a2b87ad9c9fb18a02891833c08499a05099e964a6ba75c2cfffc46369d611462f6b1dec3b93ed17f2c3c015f909127738b773c77770d80a0029e79c
Score

10^/10

metasploit backdoor execution trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

metasploitbackdoorexecutiontrojan

behavioral2

metasploitbackdoorexecutiontrojan