metasploit | 67bd628bed44a1e7bd62c14c79cafdc9593d749c04ed3267d3842a6f054b002e | Triage

Sharing

General

Target

e3e9cbf263beb4d2a1f86d2a3e63300d_JaffaCakes118
Size

525KB
Sample

240916-dp72mswgnp
MD5

e3e9cbf263beb4d2a1f86d2a3e63300d
SHA1

e8db946f011cb762ba6ceb9bc7a05c55fb885da3
SHA256

67bd628bed44a1e7bd62c14c79cafdc9593d749c04ed3267d3842a6f054b002e
SHA512

e2f97ddeeeecb2beab5e3888cb1a0d0505f22b45c5eb7fd21dbaed79b89704be8b4f291c34f87ff31ea838641e2b70a50357462c535bf28cc664c3a5716d774c
SSDEEP

12288:ezjK3Gx6kltkR796zJVUverddPcOL8RJPfFCYHrE2cQXWsDQmIitVDVe:ezjKW4kjkazJVl5JcOIfFHHG9lz85e

Score

10^/10

metasploit backdoor discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  e3e9cbf263beb4d2a1f86d2a3e63300d_JaffaCakes118
- Size
  
  525KB
- MD5
  
  e3e9cbf263beb4d2a1f86d2a3e63300d
- SHA1
  
  e8db946f011cb762ba6ceb9bc7a05c55fb885da3
- SHA256
  
  67bd628bed44a1e7bd62c14c79cafdc9593d749c04ed3267d3842a6f054b002e
- SHA512
  
  e2f97ddeeeecb2beab5e3888cb1a0d0505f22b45c5eb7fd21dbaed79b89704be8b4f291c34f87ff31ea838641e2b70a50357462c535bf28cc664c3a5716d774c
- SSDEEP
  
  12288:ezjK3Gx6kltkR796zJVUverddPcOL8RJPfFCYHrE2cQXWsDQmIitVDVe:ezjKW4kjkazJVl5JcOIfFHHG9lz85e
Score

10^/10

metasploit backdoor discovery evasion persistence privilege_escalation trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Accessibility Features

Privilege Escalation

Event Triggered Execution

Accessibility Features

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

discoveryevasion