metasploit | cf3582e4dfed8b6439c40755cd42149fe293d8d766a36b1a881ecbad7c62331f | Triage

Sharing

General

Target

f16800dea64522d686d88e67c7b02597_JaffaCakes118
Size

133KB
Sample

240922-gmgnfsvdra
MD5

f16800dea64522d686d88e67c7b02597
SHA1

69659552cc08c3be06edb77d32bed5828663af96
SHA256

cf3582e4dfed8b6439c40755cd42149fe293d8d766a36b1a881ecbad7c62331f
SHA512

a20e6ff79c5b687c72c9a0797bce065c3a42ed1df3b33b2bdbe0d50dbf6db624a8f4b0d3287891d92f45ab1ba2c521ffb209852cd5a1c1355bf3ce5446c6dbf5
SSDEEP

3072:EqpGB2uBATxmU7JN7hN6co0KFc5kfm3ly5TP6hLeRS:EqpGBR2xmwn7hhmfAlykoRS

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  f16800dea64522d686d88e67c7b02597_JaffaCakes118
- Size
  
  133KB
- MD5
  
  f16800dea64522d686d88e67c7b02597
- SHA1
  
  69659552cc08c3be06edb77d32bed5828663af96
- SHA256
  
  cf3582e4dfed8b6439c40755cd42149fe293d8d766a36b1a881ecbad7c62331f
- SHA512
  
  a20e6ff79c5b687c72c9a0797bce065c3a42ed1df3b33b2bdbe0d50dbf6db624a8f4b0d3287891d92f45ab1ba2c521ffb209852cd5a1c1355bf3ce5446c6dbf5
- SSDEEP
  
  3072:EqpGB2uBATxmU7JN7hN6co0KFc5kfm3ly5TP6hLeRS:EqpGBR2xmwn7hhmfAlykoRS
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoverytrojan

behavioral2

metasploitbackdoordiscoverytrojan