metasploit | 2d61cf19d9801f7b3a1144d6f56cb1c65b778ec8475f383ec7eb6c65cb7815b3 | Triage

Sharing

General

Target

0db76a15153197ca0a55469e7d009679_JaffaCakes118
Size

75KB
Sample

240625-me2ljstgma
MD5

0db76a15153197ca0a55469e7d009679
SHA1

fe3e83f028a950103ca69bc5789abe386b99b746
SHA256

2d61cf19d9801f7b3a1144d6f56cb1c65b778ec8475f383ec7eb6c65cb7815b3
SHA512

8c0c0fc22d295cfba22f74e1d178b2b074a57f55dab1134a197dd51cf8b2ffb2558c0807291c1562af08c5d3c0b1977e001a3dc75dfadd6ac5c17a95f7b58010
SSDEEP

1536:25sc375Ab4EBanICQFuIiyd6gWHpkeaPRAER:2p5wfCQF92HpkeWp

Score

10^/10

metasploit backdoor evasion trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  0db76a15153197ca0a55469e7d009679_JaffaCakes118
- Size
  
  75KB
- MD5
  
  0db76a15153197ca0a55469e7d009679
- SHA1
  
  fe3e83f028a950103ca69bc5789abe386b99b746
- SHA256
  
  2d61cf19d9801f7b3a1144d6f56cb1c65b778ec8475f383ec7eb6c65cb7815b3
- SHA512
  
  8c0c0fc22d295cfba22f74e1d178b2b074a57f55dab1134a197dd51cf8b2ffb2558c0807291c1562af08c5d3c0b1977e001a3dc75dfadd6ac5c17a95f7b58010
- SSDEEP
  
  1536:25sc375Ab4EBanICQFuIiyd6gWHpkeaPRAER:2p5wfCQF92HpkeWp
Score

10^/10

metasploit backdoor evasion trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoorevasiontrojan

behavioral2

metasploitbackdoorevasiontrojan