metasploit | 89f652cf7ffbd3698f4f7ede5a53c638868706d24d3367a1a18f1b3e3806ad18 | Triage

Sharing

General

Target

e2a695764004615ce95eb2405f1e36b8_JaffaCakes118
Size

50KB
Sample

240915-rcfnhswgnf
MD5

e2a695764004615ce95eb2405f1e36b8
SHA1

3e3e19180adb273f882ef700feb870075524055e
SHA256

89f652cf7ffbd3698f4f7ede5a53c638868706d24d3367a1a18f1b3e3806ad18
SHA512

d57819978f592ec5e86442ae8c2c6af4d92bf5f6f5220ecde79c06e44cc9f8b55b575bc319be483ccd3e64142076877539d167188d7f95b20a3afed4909cac25
SSDEEP

768:rmYhFpv5qL2K33/gXZlgQprcQEoM1xOPmazukZNNX9BM99OeQOH+mjhtoLvtQLyM:rj7Fv8iCQ2dl1Ezuz9OetfhtoJaPCe

Score

10^/10

metasploit backdoor defense_evasion discovery persistence trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Targets

- Target
  
  e2a695764004615ce95eb2405f1e36b8_JaffaCakes118
- Size
  
  50KB
- MD5
  
  e2a695764004615ce95eb2405f1e36b8
- SHA1
  
  3e3e19180adb273f882ef700feb870075524055e
- SHA256
  
  89f652cf7ffbd3698f4f7ede5a53c638868706d24d3367a1a18f1b3e3806ad18
- SHA512
  
  d57819978f592ec5e86442ae8c2c6af4d92bf5f6f5220ecde79c06e44cc9f8b55b575bc319be483ccd3e64142076877539d167188d7f95b20a3afed4909cac25
- SSDEEP
  
  768:rmYhFpv5qL2K33/gXZlgQprcQEoM1xOPmazukZNNX9BM99OeQOH+mjhtoLvtQLyM:rj7Fv8iCQ2dl1Ezuz9OetfhtoJaPCe
Score

10^/10

discovery metasploit backdoor defense_evasion persistence trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Blocklisted process makes network request
- Server Software Component: Terminal Services DLL
  persistence
- Sets service image path in registry
  persistence
- Impair Defenses: Safe Mode Boot
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Server Software Component

Terminal Services DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Safe Mode Boot

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

metasploitbackdoordefense_evasiondiscoverypersistencetrojan