metasploit | 9d3037b0d335e62d630b1e9696af9bbf56cfdc58b9245792daaf3a236a7c13e8 | Triage

Submit
Reports

Overview

overview

Static

static

3

e5d9a0ae25...18.exe

windows7-x64

1

e5d9a0ae25...18.exe

windows10-2004-x64

Sharing

General

Target

e5d9a0ae25a4267911f8a7bcf650597e_JaffaCakes118
Size

88KB
Sample

240917-azdc8sxhqh
MD5

e5d9a0ae25a4267911f8a7bcf650597e
SHA1

f613ab292e797e2f246af2c0d18bb0420285983a
SHA256

9d3037b0d335e62d630b1e9696af9bbf56cfdc58b9245792daaf3a236a7c13e8
SHA512

8f11d30fc9e20446f02652a0ad24d3d46c1bfaf7afa0dbed716b1b4f25369c1bda81dd4daaa42b11f1ac7a284db04434f60d62ee853711919bd2ebcbcb340d87
SSDEEP

1536:9Mq8Qgj5JBhyd+O3R7CLosPiSui3ZCEqNTk97TscicRoZO24gavHE4KV19o9ms7A:G9y0O30CO0EaTk973RoZOnl/n+eV8

Score

10^/10

metasploit backdoor discovery persistence trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e5d9a0ae25a4267911f8a7bcf650597e_JaffaCakes118.exe

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

e5d9a0ae25a4267911f8a7bcf650597e_JaffaCakes118.exe

Resource

win10v2004-20240802-en

metasploit backdoor discovery persistence trojan upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  e5d9a0ae25a4267911f8a7bcf650597e_JaffaCakes118
- Size
  
  88KB
- MD5
  
  e5d9a0ae25a4267911f8a7bcf650597e
- SHA1
  
  f613ab292e797e2f246af2c0d18bb0420285983a
- SHA256
  
  9d3037b0d335e62d630b1e9696af9bbf56cfdc58b9245792daaf3a236a7c13e8
- SHA512
  
  8f11d30fc9e20446f02652a0ad24d3d46c1bfaf7afa0dbed716b1b4f25369c1bda81dd4daaa42b11f1ac7a284db04434f60d62ee853711919bd2ebcbcb340d87
- SSDEEP
  
  1536:9Mq8Qgj5JBhyd+O3R7CLosPiSui3ZCEqNTk97TscicRoZO24gavHE4KV19o9ms7A:G9y0O30CO0EaTk973RoZOnl/n+eV8
Score

10^/10

metasploit backdoor discovery persistence trojan upx
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

metasploitbackdoordiscoverypersistencetrojanupx

© 2018-2025

Terms | Privacy