metasploit | fcdea98052597524f800c0c6e28d40fe51f62fc8b2287f95192ebd1c9f937c64 | Triage

Submit
Reports

Overview

overview

Static

static

7

d1d1af1400...18.exe

windows7-x64

d1d1af1400...18.exe

windows10-2004-x64

3

Sharing

General

Target

d1d1af14003eeb8cb1a4c6ac753ae8e6_JaffaCakes118
Size

622KB
Sample

240907-nh59kssare
MD5

d1d1af14003eeb8cb1a4c6ac753ae8e6
SHA1

1bb97579dfd6be5162c1f796df6838353d0d6796
SHA256

fcdea98052597524f800c0c6e28d40fe51f62fc8b2287f95192ebd1c9f937c64
SHA512

64687d6ac448d9eb9e69c091dbda777bad0ca2ed6e0e61fdb94562b9044551fbe6ac4ac2a9bda538d6256a9fd8528b92072a844ca5e8d188b317109c90d26e50
SSDEEP

12288:K3MDiD2WyhPvKz+udTz6YX5geW9bl0cQ7SCjSB8jTpjpOc:K8DIYwBNzzX5geW9b+cqj+8RpR

Score

10^/10

metasploit backdoor discovery themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

d1d1af14003eeb8cb1a4c6ac753ae8e6_JaffaCakes118.exe

Resource

win7-20240729-en

metasploit backdoor discovery themida trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

d1d1af14003eeb8cb1a4c6ac753ae8e6_JaffaCakes118.exe

Resource

win10v2004-20240802-en

windows10-2004-x64

1 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  d1d1af14003eeb8cb1a4c6ac753ae8e6_JaffaCakes118
- Size
  
  622KB
- MD5
  
  d1d1af14003eeb8cb1a4c6ac753ae8e6
- SHA1
  
  1bb97579dfd6be5162c1f796df6838353d0d6796
- SHA256
  
  fcdea98052597524f800c0c6e28d40fe51f62fc8b2287f95192ebd1c9f937c64
- SHA512
  
  64687d6ac448d9eb9e69c091dbda777bad0ca2ed6e0e61fdb94562b9044551fbe6ac4ac2a9bda538d6256a9fd8528b92072a844ca5e8d188b317109c90d26e50
- SSDEEP
  
  12288:K3MDiD2WyhPvKz+udTz6YX5geW9bl0cQ7SCjSB8jTpjpOc:K8DIYwBNzzX5geW9b+cqj+8RpR
Score

10^/10

metasploit backdoor discovery themida trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Executes dropped EXE
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoverythemidatrojan

behavioral2

© 2018-2025

Terms | Privacy