metasploit | 7201ad8697d45bedfc6e4bd620dc633c1cb1c43ac5cb14591185f7cb65b0eae3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d72c8009be64fba34474ba6ef4bd2b2b_JaffaCakes118
Size

104KB
Sample

240909-13zczssglk
MD5

d72c8009be64fba34474ba6ef4bd2b2b
SHA1

6d4ff4cc40f8593f42ac1e58db2755d85e9f6191
SHA256

7201ad8697d45bedfc6e4bd620dc633c1cb1c43ac5cb14591185f7cb65b0eae3
SHA512

0613dd76a8d92291ab5e675a3fdb99ec39dbc84d89bb45289a13b91f71c9e80a5139dcd38cb7c3cf5ab43191b94b50c245abc47204217b7d30d20499be6b7a1b
SSDEEP

1536:/diVwLzzQyTiyhmUgLNi7fvytydce48qT4KTL3M6RFm2CzYDEtkBB+ZX54:0aL3QEiy7gtEce48+4KRFmSJV

Score

10^/10

metasploit backdoor discovery persistence trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  d72c8009be64fba34474ba6ef4bd2b2b_JaffaCakes118
- Size
  
  104KB
- MD5
  
  d72c8009be64fba34474ba6ef4bd2b2b
- SHA1
  
  6d4ff4cc40f8593f42ac1e58db2755d85e9f6191
- SHA256
  
  7201ad8697d45bedfc6e4bd620dc633c1cb1c43ac5cb14591185f7cb65b0eae3
- SHA512
  
  0613dd76a8d92291ab5e675a3fdb99ec39dbc84d89bb45289a13b91f71c9e80a5139dcd38cb7c3cf5ab43191b94b50c245abc47204217b7d30d20499be6b7a1b
- SSDEEP
  
  1536:/diVwLzzQyTiyhmUgLNi7fvytydce48qT4KTL3M6RFm2CzYDEtkBB+ZX54:0aL3QEiy7gtEce48+4KRFmSJV
Score

10^/10

metasploit backdoor discovery persistence trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoverypersistencetrojan

behavioral2

metasploitbackdoordiscoverypersistencetrojan