metasploit | d5f1020da94d77e9dee245319d3d3c9323b0953d8b51fe16bbe6154ca1e3d1a8 | Triage

Sharing

General

Target

e859b47c89c599494f1def3eff1ae243_JaffaCakes118
Size

92KB
Sample

240918-fbgcwatarf
MD5

e859b47c89c599494f1def3eff1ae243
SHA1

d529bab272fd5a9649ea0d61b16e47bcf09fe22d
SHA256

d5f1020da94d77e9dee245319d3d3c9323b0953d8b51fe16bbe6154ca1e3d1a8
SHA512

8019e30eb31b4d4b4a58420cabf101e51a69d7d54f3bfa9567a24a043f99c909d519ada4f2735000923c1101ef7425fb5854290c1ffc86f67ff62e9f29f3393d
SSDEEP

768:6H6dyEmquM16T37+CBfB78pdW/hKEZlJ+3Q2vBIAUVIx0TqhztTFsHnhCNjDD/uh:Y4m3M16T3xRZ8pdKxMgojmHhCNjDDT4V

Score

10^/10

metasploit backdoor discovery persistence trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  e859b47c89c599494f1def3eff1ae243_JaffaCakes118
- Size
  
  92KB
- MD5
  
  e859b47c89c599494f1def3eff1ae243
- SHA1
  
  d529bab272fd5a9649ea0d61b16e47bcf09fe22d
- SHA256
  
  d5f1020da94d77e9dee245319d3d3c9323b0953d8b51fe16bbe6154ca1e3d1a8
- SHA512
  
  8019e30eb31b4d4b4a58420cabf101e51a69d7d54f3bfa9567a24a043f99c909d519ada4f2735000923c1101ef7425fb5854290c1ffc86f67ff62e9f29f3393d
- SSDEEP
  
  768:6H6dyEmquM16T37+CBfB78pdW/hKEZlJ+3Q2vBIAUVIx0TqhztTFsHnhCNjDD/uh:Y4m3M16T3xRZ8pdKxMgojmHhCNjDDT4V
Score

10^/10

metasploit backdoor discovery persistence trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoverypersistencetrojan

behavioral2

metasploitbackdoordiscoverypersistencetrojan