metasploit | a6a9419dd8bc7a56eec6e3ff07ea0ebd933af587a76fd7c77b886353edbb1ac6 | Triage

Sharing

General

Target

85a9b80cf58ff00cbf501b77953bf31a_JaffaCakes118
Size

452KB
Sample

240810-l68nhavdpj
MD5

85a9b80cf58ff00cbf501b77953bf31a
SHA1

c99282e2337d76dbbdd1194ed07b2abb33eddd70
SHA256

a6a9419dd8bc7a56eec6e3ff07ea0ebd933af587a76fd7c77b886353edbb1ac6
SHA512

e8f2899b7220a1855b9b5ad56ac99387db7cd1477b9ea04775277c5f18c173d350e22c13172ecc4b66bd60e61296221754c43b81803f4077e26bdcf52aced6da
SSDEEP

12288:zNo6BDYKR1kU+gLcnKNalKv1V0pjnGPzH:zNJkU+aqzAP0Nno

Score

10^/10

metasploit backdoor discovery persistence privilege_escalation trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  85a9b80cf58ff00cbf501b77953bf31a_JaffaCakes118
- Size
  
  452KB
- MD5
  
  85a9b80cf58ff00cbf501b77953bf31a
- SHA1
  
  c99282e2337d76dbbdd1194ed07b2abb33eddd70
- SHA256
  
  a6a9419dd8bc7a56eec6e3ff07ea0ebd933af587a76fd7c77b886353edbb1ac6
- SHA512
  
  e8f2899b7220a1855b9b5ad56ac99387db7cd1477b9ea04775277c5f18c173d350e22c13172ecc4b66bd60e61296221754c43b81803f4077e26bdcf52aced6da
- SSDEEP
  
  12288:zNo6BDYKR1kU+gLcnKNalKv1V0pjnGPzH:zNJkU+aqzAP0Nno
Score

10^/10

metasploit backdoor discovery trojan persistence privilege_escalation
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Accessibility Features

Privilege Escalation

Event Triggered Execution

Accessibility Features

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoverytrojan

behavioral2

metasploitbackdoordiscoverypersistenceprivilege_escalationtrojan