metasploit | 2dcab2ea2abcc183d351c27be4b0c01860ab6a4250c84f76132f348548117766 | Triage

Submit
Reports

Overview

overview

Static

static

3

e6d6866e90...18.exe

windows7-x64

e6d6866e90...18.exe

windows10-2004-x64

7

Sharing

General

Target

e6d6866e90902a708fc0cfea69bd028a_JaffaCakes118
Size

1.5MB
Sample

240917-pvhvgstake
MD5

e6d6866e90902a708fc0cfea69bd028a
SHA1

47c26e495eefb975f5145c4fe3899588b98c0d63
SHA256

2dcab2ea2abcc183d351c27be4b0c01860ab6a4250c84f76132f348548117766
SHA512

5a2b15cdc979ab16805ef4d143ec8c60416043649c2815adeb1031e62db65233b4c811c1a169138cb27c1cdf8e3e26852c54707af9766931748f481b5ec89632
SSDEEP

24576:pxdC6cVrb8romUZJgWfqedOoqdIjXxQRkF1mpaq8xltMK0MuDwrefAXnYW9iyW:pDC6cb8Cdhq6jXrZxlW0reoXn

Score

10^/10

metasploit backdoor discovery evasion themida trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e6d6866e90902a708fc0cfea69bd028a_JaffaCakes118.exe

Resource

win7-20240729-en

metasploit backdoor discovery evasion themida trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

e6d6866e90902a708fc0cfea69bd028a_JaffaCakes118.exe

Resource

win10v2004-20240802-en

discovery evasion themida

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Targets

- Target
  
  e6d6866e90902a708fc0cfea69bd028a_JaffaCakes118
- Size
  
  1.5MB
- MD5
  
  e6d6866e90902a708fc0cfea69bd028a
- SHA1
  
  47c26e495eefb975f5145c4fe3899588b98c0d63
- SHA256
  
  2dcab2ea2abcc183d351c27be4b0c01860ab6a4250c84f76132f348548117766
- SHA512
  
  5a2b15cdc979ab16805ef4d143ec8c60416043649c2815adeb1031e62db65233b4c811c1a169138cb27c1cdf8e3e26852c54707af9766931748f481b5ec89632
- SSDEEP
  
  24576:pxdC6cVrb8romUZJgWfqedOoqdIjXxQRkF1mpaq8xltMK0MuDwrefAXnYW9iyW:pDC6cb8Cdhq6jXrZxlW0reoXn
Score

10^/10

metasploit backdoor discovery evasion themida trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Modifies security service
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoveryevasionthemidatrojan

behavioral2

discoveryevasionthemida

© 2018-2025

Terms | Privacy