metasploit | 503d40a2448407918c3433c53939bc5c6dc72c0d316c71a1c88655288ec69249 | Triage

Analysis

max time kernel
0s
max time network
131s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240508-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240508-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
27-05-2024 19:45

Sharing

Report Analysis Logs

General

Target

7a4c58e7c35c618b356fb189a96d3538_JaffaCakes118
Size

2KB
MD5

7a4c58e7c35c618b356fb189a96d3538
SHA1

cfd595535a40f8276f6afa03cd882d8b6164abfd
SHA256

503d40a2448407918c3433c53939bc5c6dc72c0d316c71a1c88655288ec69249
SHA512

0c13beb1b5697643b0704f377f44cba8a7025e0023bfe3cd7bb1213d9db4e6d6b16aba3aa0a095f7ff8b7c4151a55f1e364058e662870ecb7a69eceb1c12ec23

Score

10^/10

metasploit backdoor trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.

Processes:

7a4c58e7c35c618b356fb189a96d3538_JaffaCakes118

description ioc process

File opened for modification /tmp/poc.pls 7a4c58e7c35c618b356fb189a96d3538_JaffaCakes118

/tmp/7a4c58e7c35c618b356fb189a96d3538_JaffaCakes118
/tmp/7a4c58e7c35c618b356fb189a96d3538_JaffaCakes118
1⤵
- Writes file to tmp directory
PID:1473

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/poc.pls

Filesize
1KB

MD5
8da102fa734bf308aca8ad208b632fc1

SHA1
080b14016b7d410dd6da9aee78a92d249e908ecb

SHA256
be3dce2c366ec30d88c37a9d9033d62a60bfdd2fb092208c78ecf504918fa61a

SHA512
9e83277403012edc0e8b1261f9126634b154eb0683af0d18f207a0a940d23f1dd3e400fb2db236c7d6ff4219dffc01f7e0b6c7264032f281f11d1243ee057399

Download Submit