metasploit | dade3789c963ce12b46fd92df6687fbbd154ecdcfaafb52c29532fe6f7680077 | Triage

Sharing

General

Target

dc81cc00e3c1ba653ce977be0eb0dcf8_JaffaCakes118
Size

400KB
Sample

240912-sstqra1enr
MD5

dc81cc00e3c1ba653ce977be0eb0dcf8
SHA1

63e2188464b88851c1c3d0d69ff3ce190c604d32
SHA256

dade3789c963ce12b46fd92df6687fbbd154ecdcfaafb52c29532fe6f7680077
SHA512

d089068a79d3a51eba20ca85ff642898f893c95f13a4fb579ee797e51001467a8dfde0bc005adfc02e17ce887ca39c3d0e02b19d99d7ea7e61e1f8e066e17bbe
SSDEEP

6144:/SC9dIz3FeP8TdEbn/I/yBfZuk8sVHhVZAVmIBQjIufF6/f4/DQ2CbungNrf:qCDIz3FeP8TdEbUsVHhVdIBQjIMOt

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Targets

- Target
  
  dc81cc00e3c1ba653ce977be0eb0dcf8_JaffaCakes118
- Size
  
  400KB
- MD5
  
  dc81cc00e3c1ba653ce977be0eb0dcf8
- SHA1
  
  63e2188464b88851c1c3d0d69ff3ce190c604d32
- SHA256
  
  dade3789c963ce12b46fd92df6687fbbd154ecdcfaafb52c29532fe6f7680077
- SHA512
  
  d089068a79d3a51eba20ca85ff642898f893c95f13a4fb579ee797e51001467a8dfde0bc005adfc02e17ce887ca39c3d0e02b19d99d7ea7e61e1f8e066e17bbe
- SSDEEP
  
  6144:/SC9dIz3FeP8TdEbn/I/yBfZuk8sVHhVZAVmIBQjIufF6/f4/DQ2CbungNrf:qCDIz3FeP8TdEbUsVHhVdIBQjIMOt
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoverytrojan

behavioral2

metasploitbackdoordiscoverytrojan