metasploit | a30538fadd01aa54147f568d7a052f634474171a65e790141834d19ae9da0b57 | Triage

Sharing

General

Target

86cfa223f7f1b5976ddc5211edbaeda6_JaffaCakes118
Size

5.8MB
Sample

240810-t1d6ps1hna
MD5

86cfa223f7f1b5976ddc5211edbaeda6
SHA1

7d4bdc0bb18b42ca45ee86a1f68fc50dcd1886e6
SHA256

a30538fadd01aa54147f568d7a052f634474171a65e790141834d19ae9da0b57
SHA512

b36f0ffc328e4148007996d4d686a4b60b218240ce4a1f51e6eb95c15aaab07ae71a7b846ec486b32cc983c8413befa865bab7543086db81273289ed0bbef339
SSDEEP

768:O0OTUQP3nNzcxYBSlWXYtmVY0sxYp3hXP:O0OAc3FcxBsdVdsyBhXP

Score

10^/10

metasploit backdoor defense_evasion discovery persistence trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  86cfa223f7f1b5976ddc5211edbaeda6_JaffaCakes118
- Size
  
  5.8MB
- MD5
  
  86cfa223f7f1b5976ddc5211edbaeda6
- SHA1
  
  7d4bdc0bb18b42ca45ee86a1f68fc50dcd1886e6
- SHA256
  
  a30538fadd01aa54147f568d7a052f634474171a65e790141834d19ae9da0b57
- SHA512
  
  b36f0ffc328e4148007996d4d686a4b60b218240ce4a1f51e6eb95c15aaab07ae71a7b846ec486b32cc983c8413befa865bab7543086db81273289ed0bbef339
- SSDEEP
  
  768:O0OTUQP3nNzcxYBSlWXYtmVY0sxYp3hXP:O0OAc3FcxBsdVdsyBhXP
Score

10^/10

metasploit backdoor defense_evasion discovery persistence trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Impair Defenses: Safe Mode Boot
  defense_evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Safe Mode Boot

Indicator Removal

File Deletion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordefense_evasiondiscoverypersistencetrojan

behavioral2

metasploitbackdoordefense_evasiondiscoverypersistencetrojan