metasploit | 114c21a7f2b9c0899e6a1ac57b782e1c85405dc3925da36ba8aa76678d262801 | Triage

Sharing

General

Target

d4a847fbc769c117e64dee45831a2b52_JaffaCakes118
Size

812KB
Sample

240908-sqmjnashqm
MD5

d4a847fbc769c117e64dee45831a2b52
SHA1

19fbba630167b91ed03b6ce1c522f65569780730
SHA256

114c21a7f2b9c0899e6a1ac57b782e1c85405dc3925da36ba8aa76678d262801
SHA512

bb09bd100b302372d95159607ff66f93927a99db67a8d53bc7ff324017f0f47e6dd52bb35d80073dab2a131ad45f6b80aabcb152e4093dd4ced239cf4c11764f
SSDEEP

24576:J2cmIL4YBcaqgi2J+YK5o430p2o0eTRQxeF8e:J2CMYBcapDuWwW2o02eeFb

Score

10^/10

metasploit backdoor discovery evasion trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  d4a847fbc769c117e64dee45831a2b52_JaffaCakes118
- Size
  
  812KB
- MD5
  
  d4a847fbc769c117e64dee45831a2b52
- SHA1
  
  19fbba630167b91ed03b6ce1c522f65569780730
- SHA256
  
  114c21a7f2b9c0899e6a1ac57b782e1c85405dc3925da36ba8aa76678d262801
- SHA512
  
  bb09bd100b302372d95159607ff66f93927a99db67a8d53bc7ff324017f0f47e6dd52bb35d80073dab2a131ad45f6b80aabcb152e4093dd4ced239cf4c11764f
- SSDEEP
  
  24576:J2cmIL4YBcaqgi2J+YK5o430p2o0eTRQxeF8e:J2CMYBcapDuWwW2o02eeFb
Score

10^/10

metasploit backdoor discovery evasion trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Drops file in Drivers directory
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoveryevasiontrojan

behavioral2

discoveryevasion