metasploit | 4eaa4e74021db2d124e6b5979cd2cda877a9d4a204f4b34430102e1989236d61 | Triage

Sharing

General

Target

efe3736fe4f5ba9b7aceb15270500679_JaffaCakes118
Size

113KB
Sample

240921-qng52sthmb
MD5

efe3736fe4f5ba9b7aceb15270500679
SHA1

ad66cb10dbcb4964ec640466d8304fe5741bed95
SHA256

4eaa4e74021db2d124e6b5979cd2cda877a9d4a204f4b34430102e1989236d61
SHA512

2ddd6ac3786c069a162e0cf8eb11a203ca2ea5692a1dab2b20ed9979903b43677cb1b6868d82c2e594f7e4828ccdcc9406e22d81f0d175b80d5dd60f287705a6
SSDEEP

3072:jL2nmXmAXjuaenOuoV0zrbK7s+pcF7MNFwrK3xU+1:ntTzuVna0zr3ycF7MNFCsxU8

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Targets

- Target
  
  efe3736fe4f5ba9b7aceb15270500679_JaffaCakes118
- Size
  
  113KB
- MD5
  
  efe3736fe4f5ba9b7aceb15270500679
- SHA1
  
  ad66cb10dbcb4964ec640466d8304fe5741bed95
- SHA256
  
  4eaa4e74021db2d124e6b5979cd2cda877a9d4a204f4b34430102e1989236d61
- SHA512
  
  2ddd6ac3786c069a162e0cf8eb11a203ca2ea5692a1dab2b20ed9979903b43677cb1b6868d82c2e594f7e4828ccdcc9406e22d81f0d175b80d5dd60f287705a6
- SSDEEP
  
  3072:jL2nmXmAXjuaenOuoV0zrbK7s+pcF7MNFwrK3xU+1:ntTzuVna0zr3ycF7MNFCsxU8
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoverytrojan

behavioral2