metasploit | 178a61d0fa02e1aeded63c9c17b27e7420689fdb8fd75740e4125484566aab89 | Triage

Sharing

General

Target

6a39e3f3425409246d027f141aea485b_JaffaCakes118
Size

126KB
Sample

240724-e1sa1axhjp
MD5

6a39e3f3425409246d027f141aea485b
SHA1

8ecbc388daddfe316038a8913b68b8966fe87c52
SHA256

178a61d0fa02e1aeded63c9c17b27e7420689fdb8fd75740e4125484566aab89
SHA512

5b87a1a28eb665c5ea124e64d3603012f6af15afae279d1b83703908d57096b91ecfe9046d98095b951031dace4a4bf3b46c5eb5a8cf396d178d3b70b754928a
SSDEEP

3072:sNuLp9+wX4J99Mlf5HTRnG0VabujeEDEy8YTIb93eX1p1tV75pJBVDs1AQjylOyl:sNuLp9h4J99Mlf5HTRnG0VabujeEDEyz

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

192.168.6.249:4444

Targets

- Target
  
  6a39e3f3425409246d027f141aea485b_JaffaCakes118
- Size
  
  126KB
- MD5
  
  6a39e3f3425409246d027f141aea485b
- SHA1
  
  8ecbc388daddfe316038a8913b68b8966fe87c52
- SHA256
  
  178a61d0fa02e1aeded63c9c17b27e7420689fdb8fd75740e4125484566aab89
- SHA512
  
  5b87a1a28eb665c5ea124e64d3603012f6af15afae279d1b83703908d57096b91ecfe9046d98095b951031dace4a4bf3b46c5eb5a8cf396d178d3b70b754928a
- SSDEEP
  
  3072:sNuLp9+wX4J99Mlf5HTRnG0VabujeEDEy8YTIb93eX1p1tV75pJBVDs1AQjylOyl:sNuLp9h4J99Mlf5HTRnG0VabujeEDEyz
Score

10^/10

metasploit backdoor trojan discovery
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoortrojan

behavioral2

metasploitbackdoordiscoverytrojan