metasploit | 1c59a36d5f9dc05f0ebce9d47b689d0b2d41065b1244c91316ce437bddcfe474 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bd7ab7d3832064d0e80c15ff3225f7fe_JaffaCakes118
Size

74KB
Sample

240823-2splga1hjc
MD5

bd7ab7d3832064d0e80c15ff3225f7fe
SHA1

5f54e10f92dd99f28cfccafb3ef92f621162827e
SHA256

1c59a36d5f9dc05f0ebce9d47b689d0b2d41065b1244c91316ce437bddcfe474
SHA512

b05dfab22c44b94bbfa913b12f79b1ca7b73f3271f643bc05264f91ed39166b0f9ffa50cc8f08cb2c5faa66adce11175f9cd04fa042c1252073f170f221259e1
SSDEEP

768:/8DyqFxZBTlC3OKCrDM+WRxidXbkSZn02oS0oM8HJWAEwVbGx:/OZwYg+WPwXbS2oS0oM84AEwVax

Score

10^/10

metasploit backdoor discovery evasion trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  bd7ab7d3832064d0e80c15ff3225f7fe_JaffaCakes118
- Size
  
  74KB
- MD5
  
  bd7ab7d3832064d0e80c15ff3225f7fe
- SHA1
  
  5f54e10f92dd99f28cfccafb3ef92f621162827e
- SHA256
  
  1c59a36d5f9dc05f0ebce9d47b689d0b2d41065b1244c91316ce437bddcfe474
- SHA512
  
  b05dfab22c44b94bbfa913b12f79b1ca7b73f3271f643bc05264f91ed39166b0f9ffa50cc8f08cb2c5faa66adce11175f9cd04fa042c1252073f170f221259e1
- SSDEEP
  
  768:/8DyqFxZBTlC3OKCrDM+WRxidXbkSZn02oS0oM8HJWAEwVbGx:/OZwYg+WPwXbS2oS0oM84AEwVax
Score

10^/10

metasploit backdoor discovery evasion trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Drops file in Drivers directory
- Deletes itself
- Executes dropped EXE
- Network Share Discovery
  Attempt to gather information on host network.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Network Share Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoveryevasiontrojan

behavioral2

metasploitbackdoordiscoveryevasiontrojan