metasploit | 771e11a0254f407da8eb855cb85ae357f4255f7b41e27bc28e9dcd835bff7faa | Triage

Submit
Reports

Overview

overview

Static

static

3

f25e1718c4...18.exe

windows7-x64

f25e1718c4...18.exe

windows10-2004-x64

Sharing

General

Target

f25e1718c46759c9efc5a3b762817afc_JaffaCakes118
Size

288KB
Sample

240922-tpk5wayclq
MD5

f25e1718c46759c9efc5a3b762817afc
SHA1

e6beda436c6de39ad14442f7a0d1147860044771
SHA256

771e11a0254f407da8eb855cb85ae357f4255f7b41e27bc28e9dcd835bff7faa
SHA512

e7c12cc54845e3d22ba260be4fa204cc6f3b064b36322a5dc1d95f9026f755c89698de3bd5d9bd9ae50ed05e61edc45ad837d878f3bad51b407d5526e70bf888
SSDEEP

3072:Mfd77aJDLiX0ZxUzilNt+Z4QTEKt6pt736NDNy3SagNoXMOoIPME58a:ghGJU0Zx6dEKO6FNyvgNwlPME5R

Score

10^/10

metasploit backdoor discovery trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f25e1718c46759c9efc5a3b762817afc_JaffaCakes118.exe

Resource

win7-20240903-en

metasploit backdoor discovery trojan upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

f25e1718c46759c9efc5a3b762817afc_JaffaCakes118.exe

Resource

win10v2004-20240802-en

metasploit backdoor discovery trojan upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  f25e1718c46759c9efc5a3b762817afc_JaffaCakes118
- Size
  
  288KB
- MD5
  
  f25e1718c46759c9efc5a3b762817afc
- SHA1
  
  e6beda436c6de39ad14442f7a0d1147860044771
- SHA256
  
  771e11a0254f407da8eb855cb85ae357f4255f7b41e27bc28e9dcd835bff7faa
- SHA512
  
  e7c12cc54845e3d22ba260be4fa204cc6f3b064b36322a5dc1d95f9026f755c89698de3bd5d9bd9ae50ed05e61edc45ad837d878f3bad51b407d5526e70bf888
- SSDEEP
  
  3072:Mfd77aJDLiX0ZxUzilNt+Z4QTEKt6pt736NDNy3SagNoXMOoIPME58a:ghGJU0Zx6dEKO6FNyvgNwlPME5R
Score

10^/10

metasploit backdoor discovery trojan upx
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoverytrojanupx

behavioral2

metasploitbackdoordiscoverytrojanupx

© 2018-2025

Terms | Privacy