metasploit | 30df1850fe2a9d1eeb901fbf39410f9a5b35e0931da7e876355fe05ff7f46f9a | Triage

Sharing

General

Target

dd386907039d0b2564c0a38d7f58cdc4_JaffaCakes118
Size

5KB
Sample

240912-28586a1apq
MD5

dd386907039d0b2564c0a38d7f58cdc4
SHA1

7f9b2d6892f99184b3d47e22342d94d303a62a24
SHA256

30df1850fe2a9d1eeb901fbf39410f9a5b35e0931da7e876355fe05ff7f46f9a
SHA512

bcf358202269ec0c5c18a3d0287fd9477107d4a5b6c6e7511a88bad336700090462fa7d344231afa4394f6cfbf256cf9b2f546694ebf18149eaefa0da4b9acad
SSDEEP

24:ev1GSFGFajE/K3tQ3zSaJ2IkM6Pv617s3h/LjpKpuMAmwyhZoc6+:qFGFajFK3zSIe7h/TMXhZoc6+

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

149.248.6.193:2000

Targets

- Target
  
  dd386907039d0b2564c0a38d7f58cdc4_JaffaCakes118
- Size
  
  5KB
- MD5
  
  dd386907039d0b2564c0a38d7f58cdc4
- SHA1
  
  7f9b2d6892f99184b3d47e22342d94d303a62a24
- SHA256
  
  30df1850fe2a9d1eeb901fbf39410f9a5b35e0931da7e876355fe05ff7f46f9a
- SHA512
  
  bcf358202269ec0c5c18a3d0287fd9477107d4a5b6c6e7511a88bad336700090462fa7d344231afa4394f6cfbf256cf9b2f546694ebf18149eaefa0da4b9acad
- SSDEEP
  
  24:ev1GSFGFajE/K3tQ3zSaJ2IkM6Pv617s3h/LjpKpuMAmwyhZoc6+:qFGFajFK3zSIe7h/TMXhZoc6+
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoverytrojan

behavioral2

metasploitbackdoordiscoverytrojan