metasploit | a1ef37444b6e1b8a30cdeed40de0a6d7c86f750a4f2355c69a5a6849e82d772d | Triage

Sharing

General

Target

de91a7fe31ed66c3e047fb1ea1269ec8_JaffaCakes118
Size

1.3MB
Sample

240913-v3fb8azcma
MD5

de91a7fe31ed66c3e047fb1ea1269ec8
SHA1

d46c278786e2be435330fddc3d6ba1e8301cd3af
SHA256

a1ef37444b6e1b8a30cdeed40de0a6d7c86f750a4f2355c69a5a6849e82d772d
SHA512

703cf07914ff5155ccc4460e78028a89ddf97a492e2c60c6dba25c066faef522716027df38c0a0f783997f10c1079ac0e094e19a399a25d36a26a4a3e555b1bf
SSDEEP

24576:9rzMyPt4PdiGr/wf66m2tov+YtgVq2TiQULeMHYM/nV4hV6P0BOeMT6FJy7:9rzMtLr/wf664HtW/5UJH9/nVW6iI6

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  de91a7fe31ed66c3e047fb1ea1269ec8_JaffaCakes118
- Size
  
  1.3MB
- MD5
  
  de91a7fe31ed66c3e047fb1ea1269ec8
- SHA1
  
  d46c278786e2be435330fddc3d6ba1e8301cd3af
- SHA256
  
  a1ef37444b6e1b8a30cdeed40de0a6d7c86f750a4f2355c69a5a6849e82d772d
- SHA512
  
  703cf07914ff5155ccc4460e78028a89ddf97a492e2c60c6dba25c066faef522716027df38c0a0f783997f10c1079ac0e094e19a399a25d36a26a4a3e555b1bf
- SSDEEP
  
  24576:9rzMyPt4PdiGr/wf66m2tov+YtgVq2TiQULeMHYM/nV4hV6P0BOeMT6FJy7:9rzMtLr/wf664HtW/5UJH9/nVW6iI6
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoverytrojan

behavioral2