metasploit | b0e184242cd2daafaf9f756b2140b0ea432ea733d66fdb03f1a0018ed28170e1 | Triage

Sharing

General

Target

ecb3fb6cabac7484f84184105ab4ad03_JaffaCakes118
Size

852KB
Sample

240920-ddvbeawalm
MD5

ecb3fb6cabac7484f84184105ab4ad03
SHA1

4e01872b5afdc16d1b18e1f650cbefa67d9ffbc5
SHA256

b0e184242cd2daafaf9f756b2140b0ea432ea733d66fdb03f1a0018ed28170e1
SHA512

4c46d96745e1a0e23ec3b6b8edc1c1808e5a8ca91de7e636d91bf11849dd74c862aad6e9dba1de031e3b4087cb007782accf781c6672d81bc3b5f8f232914d7b
SSDEEP

12288:HE+NLeE1PYEPZ0Vy3F4fjElBjIq2KKn/Hz6I:k+xPZ0VQoglFIlNV

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Targets

- Target
  
  ecb3fb6cabac7484f84184105ab4ad03_JaffaCakes118
- Size
  
  852KB
- MD5
  
  ecb3fb6cabac7484f84184105ab4ad03
- SHA1
  
  4e01872b5afdc16d1b18e1f650cbefa67d9ffbc5
- SHA256
  
  b0e184242cd2daafaf9f756b2140b0ea432ea733d66fdb03f1a0018ed28170e1
- SHA512
  
  4c46d96745e1a0e23ec3b6b8edc1c1808e5a8ca91de7e636d91bf11849dd74c862aad6e9dba1de031e3b4087cb007782accf781c6672d81bc3b5f8f232914d7b
- SSDEEP
  
  12288:HE+NLeE1PYEPZ0Vy3F4fjElBjIq2KKn/Hz6I:k+xPZ0VQoglFIlNV
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoverytrojan

behavioral2

metasploitbackdoordiscoverytrojan