metasploit | f828df4da931c8a91ac217e8190d08628b8466f544a1b55776954c950fa6add1 | Triage

Submit
Reports

Overview

overview

Static

static

7

e9b2d68cd1...18.exe

windows7-x64

e9b2d68cd1...18.exe

windows10-2004-x64

Sharing

General

Target

e9b2d68cd1de41c6278776f2d1249676_JaffaCakes118
Size

223KB
Sample

240918-wsd7vavgnc
MD5

e9b2d68cd1de41c6278776f2d1249676
SHA1

f73c4389a576fc2f92b7b82f2950652d0deaad32
SHA256

f828df4da931c8a91ac217e8190d08628b8466f544a1b55776954c950fa6add1
SHA512

b4e04758bd2cbeb58e71ed36205b14b5e1677b572d9be61c0dc977d92c9e99517652e8c808140b3d4644ca8dff450c6b02e2a339462dfcf93570ef069f548cd8
SSDEEP

1536:ccSnlSXYBOPn3g2bdw72D7hoMLfp08SdcLnYPTEBEEoaH09Pohkya5NCkFi3cf5W:SnFB+gG7oMdP8Eq4Ed9w2yaDCOi6tU

Score

10^/10

metasploit backdoor discovery trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

e9b2d68cd1de41c6278776f2d1249676_JaffaCakes118.exe

Resource

win7-20240903-en

metasploit backdoor discovery trojan upx

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

e9b2d68cd1de41c6278776f2d1249676_JaffaCakes118.exe

Resource

win10v2004-20240802-en

metasploit backdoor discovery trojan upx

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  e9b2d68cd1de41c6278776f2d1249676_JaffaCakes118
- Size
  
  223KB
- MD5
  
  e9b2d68cd1de41c6278776f2d1249676
- SHA1
  
  f73c4389a576fc2f92b7b82f2950652d0deaad32
- SHA256
  
  f828df4da931c8a91ac217e8190d08628b8466f544a1b55776954c950fa6add1
- SHA512
  
  b4e04758bd2cbeb58e71ed36205b14b5e1677b572d9be61c0dc977d92c9e99517652e8c808140b3d4644ca8dff450c6b02e2a339462dfcf93570ef069f548cd8
- SSDEEP
  
  1536:ccSnlSXYBOPn3g2bdw72D7hoMLfp08SdcLnYPTEBEEoaH09Pohkya5NCkFi3cf5W:SnFB+gG7oMdP8Eq4Ed9w2yaDCOi6tU
Score

10^/10

metasploit backdoor discovery trojan upx
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoverytrojanupx

behavioral2

metasploitbackdoordiscoverytrojanupx

© 2018-2025

Terms | Privacy