metasploit

General

Target

a98805ef01ebade3e0d5eaef1dc5d1d7_JaffaCakes118
Size

484KB
Sample

240819-erjx9sxbmr
MD5

a98805ef01ebade3e0d5eaef1dc5d1d7
SHA1

dd2b9afb456cf0fa5cb877e2ac523c295e8eb1ce
SHA256

e775714ca500ee2ca6d04f22c83ef858206fd9a8b1323a1af365cb8af1193492
SHA512

c352164b13f9ab496756b09cec7d651f366a6f904784b341ade20b77dda97d4f91cd3e3bc5be0b903b893638368dc149ec3ddad4be15a810d91d807d0ade7a87
SSDEEP

12288:ymPTZKmiXkTwKRrnm2x9vqwYXOKru9R1GDQKqd8/tyC:ykTsmweS27vFfKiRYDQTCty

Score

10^/10

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Targets

- Target
  
  a98805ef01ebade3e0d5eaef1dc5d1d7_JaffaCakes118
- Size
  
  484KB
- MD5
  
  a98805ef01ebade3e0d5eaef1dc5d1d7
- SHA1
  
  dd2b9afb456cf0fa5cb877e2ac523c295e8eb1ce
- SHA256
  
  e775714ca500ee2ca6d04f22c83ef858206fd9a8b1323a1af365cb8af1193492
- SHA512
  
  c352164b13f9ab496756b09cec7d651f366a6f904784b341ade20b77dda97d4f91cd3e3bc5be0b903b893638368dc149ec3ddad4be15a810d91d807d0ade7a87
- SSDEEP
  
  12288:ymPTZKmiXkTwKRrnm2x9vqwYXOKru9R1GDQKqd8/tyC:ykTsmweS27vFfKiRYDQTCty
Score

10^/10

metasploit backdoor defense_evasion discovery themida trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Deletes itself
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

1

T1070

File Deletion

1

T1070.004

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Deletes itself

Themida packer

Indicator Removal: File Deletion

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2