metasploit | de615be1170b2dcd3693bad48e969c66e9068209aa06aff543daa81ea69945ec | Triage

Sharing

General

Target

e4793601cffb3ba161163909ea2de0af_JaffaCakes118
Size

121KB
Sample

240916-le54aszfrm
MD5

e4793601cffb3ba161163909ea2de0af
SHA1

b7ff4bb12452f08d81c224dd0c3567166af0c6b9
SHA256

de615be1170b2dcd3693bad48e969c66e9068209aa06aff543daa81ea69945ec
SHA512

d148fdb8c0d6fa95aaaf3a7c7c6e575cffa74ef90c180e6480aa513def607535bffb88204d5c65d94effefeacb529c4b34794cc7c66ee405afa91228e830c30a
SSDEEP

3072:Ns0uSyTn8AwXzcYeY69t8KEAIKelkMkLLSHmI:O0udz8dDd6VEA+6MwuHn

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Targets

- Target
  
  e4793601cffb3ba161163909ea2de0af_JaffaCakes118
- Size
  
  121KB
- MD5
  
  e4793601cffb3ba161163909ea2de0af
- SHA1
  
  b7ff4bb12452f08d81c224dd0c3567166af0c6b9
- SHA256
  
  de615be1170b2dcd3693bad48e969c66e9068209aa06aff543daa81ea69945ec
- SHA512
  
  d148fdb8c0d6fa95aaaf3a7c7c6e575cffa74ef90c180e6480aa513def607535bffb88204d5c65d94effefeacb529c4b34794cc7c66ee405afa91228e830c30a
- SSDEEP
  
  3072:Ns0uSyTn8AwXzcYeY69t8KEAIKelkMkLLSHmI:O0udz8dDd6VEA+6MwuHn
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoverytrojan

behavioral2

metasploitbackdoordiscoverytrojan