metasploit | 9cd80cf4bc3ecc93e7cb18a54e9abaeec7faf6bc1a7216e0267cf2186540651e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

415e407e95b8b91447d9d5aab9a0aef6_JaffaCakes118
Size

46KB
Sample

240713-mwsd7sxgkj
MD5

415e407e95b8b91447d9d5aab9a0aef6
SHA1

7344b03c2aa6e8b88a888a8f0c8082e95dcbb12e
SHA256

9cd80cf4bc3ecc93e7cb18a54e9abaeec7faf6bc1a7216e0267cf2186540651e
SHA512

2c5e9647c85ebc8cd10a0d6dc48901b1983f2b3f36e4203f02bbce71335fffc82f3964840aee210562a89bb7bfc8289ecad36915c5120404ad5e678df159b456
SSDEEP

768:R5scsxI71Hv2mTEb4YXVzancAloPCx+k2uIuHtod6gWtxVjkeaPnAJWAEnRmtl:R5sc375Ab4EBanICQFuIiyd6gWHpkea5

Score

10^/10

metasploit backdoor evasion trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  415e407e95b8b91447d9d5aab9a0aef6_JaffaCakes118
- Size
  
  46KB
- MD5
  
  415e407e95b8b91447d9d5aab9a0aef6
- SHA1
  
  7344b03c2aa6e8b88a888a8f0c8082e95dcbb12e
- SHA256
  
  9cd80cf4bc3ecc93e7cb18a54e9abaeec7faf6bc1a7216e0267cf2186540651e
- SHA512
  
  2c5e9647c85ebc8cd10a0d6dc48901b1983f2b3f36e4203f02bbce71335fffc82f3964840aee210562a89bb7bfc8289ecad36915c5120404ad5e678df159b456
- SSDEEP
  
  768:R5scsxI71Hv2mTEb4YXVzancAloPCx+k2uIuHtod6gWtxVjkeaPnAJWAEnRmtl:R5sc375Ab4EBanICQFuIiyd6gWHpkea5
Score

10^/10

metasploit backdoor evasion trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoorevasiontrojan

behavioral2

metasploitbackdoorevasiontrojan