metasploit | e626e340cf2cdd3e55b21b122056d3f3ef880bcffcef4abc0659ff48d3eb3f4d | Triage

Submit
Reports

Overview

overview

Static

static

e435b6f60e...18.exe

windows7-x64

e435b6f60e...18.exe

windows10-2004-x64

Sharing

General

Target

e435b6f60ed68fe29ad76ba055220264_JaffaCakes118
Size

600KB
Sample

240916-hfhslstcnd
MD5

e435b6f60ed68fe29ad76ba055220264
SHA1

b9717d62e82e0f85a94672fd033e63ab876a7e61
SHA256

e626e340cf2cdd3e55b21b122056d3f3ef880bcffcef4abc0659ff48d3eb3f4d
SHA512

571ef5cc5d2c3a017ccfcbb52892b4c7946b6df2161dd3f24408bb8b8d55a9a91b6c68a1377f884cf28b71d21fe7aa637b361deda98a011cfa0e1c4f55bf237b
SSDEEP

12288:OtGXSmp9GRnlPQk04nQGWPv9p0Ijqfh3CfjRhNXXUtGSvCEafw:H+IkTQVnf0eq5hGS6Eyw

Score

10^/10

metasploit backdoor discovery trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

e435b6f60ed68fe29ad76ba055220264_JaffaCakes118.exe

Resource

win7-20240903-en

metasploit backdoor discovery trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

e435b6f60ed68fe29ad76ba055220264_JaffaCakes118.exe

Resource

win10v2004-20240802-en

metasploit backdoor discovery trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  e435b6f60ed68fe29ad76ba055220264_JaffaCakes118
- Size
  
  600KB
- MD5
  
  e435b6f60ed68fe29ad76ba055220264
- SHA1
  
  b9717d62e82e0f85a94672fd033e63ab876a7e61
- SHA256
  
  e626e340cf2cdd3e55b21b122056d3f3ef880bcffcef4abc0659ff48d3eb3f4d
- SHA512
  
  571ef5cc5d2c3a017ccfcbb52892b4c7946b6df2161dd3f24408bb8b8d55a9a91b6c68a1377f884cf28b71d21fe7aa637b361deda98a011cfa0e1c4f55bf237b
- SSDEEP
  
  12288:OtGXSmp9GRnlPQk04nQGWPv9p0Ijqfh3CfjRhNXXUtGSvCEafw:H+IkTQVnf0eq5hGS6Eyw
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoverytrojan

behavioral2

metasploitbackdoordiscoverytrojan

© 2018-2025

Terms | Privacy