metasploit | a541939b1086f9b5fe621ae455a80892c3f78307f3691f6253bf6f3cf6e3b4e0 | Triage

Sharing

General

Target

efe3ae1f1a79e72ef715d5f6b86725e5_JaffaCakes118
Size

512KB
Sample

240921-qnrz9athmg
MD5

efe3ae1f1a79e72ef715d5f6b86725e5
SHA1

756f01d7f3000e950fe9ea58424ed0a54fb9a819
SHA256

a541939b1086f9b5fe621ae455a80892c3f78307f3691f6253bf6f3cf6e3b4e0
SHA512

57043d8727929e0c5ab639d37c4b52aea99efb1017fec79952b5e3fb4c90eacc10446456d0a8e4245d79882a3d0af03254e1a9a9a45f99c1ee40c299dbb972b7
SSDEEP

12288:aROXJ3OAMsRcKWw4KM0Jisw3eq4APDKZIydB4fuShYzb3XRJU24J8/jNtKpJNnu8:aR+3TwG4eJLw3eq8z5Smb3BDrmpJpuGn

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

192.168.1.4:4444

Targets

- Target
  
  efe3ae1f1a79e72ef715d5f6b86725e5_JaffaCakes118
- Size
  
  512KB
- MD5
  
  efe3ae1f1a79e72ef715d5f6b86725e5
- SHA1
  
  756f01d7f3000e950fe9ea58424ed0a54fb9a819
- SHA256
  
  a541939b1086f9b5fe621ae455a80892c3f78307f3691f6253bf6f3cf6e3b4e0
- SHA512
  
  57043d8727929e0c5ab639d37c4b52aea99efb1017fec79952b5e3fb4c90eacc10446456d0a8e4245d79882a3d0af03254e1a9a9a45f99c1ee40c299dbb972b7
- SSDEEP
  
  12288:aROXJ3OAMsRcKWw4KM0Jisw3eq4APDKZIydB4fuShYzb3XRJU24J8/jNtKpJNnu8:aR+3TwG4eJLw3eq8z5Smb3BDrmpJpuGn
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoverytrojan

behavioral2