metasploit | 976cb27f27db00e77ffc592a8fa5e03668b2bf13e709531e60ea6911b15ec306 | Triage

Sharing

General

Target

f2a2a1ff78930e3465c115672b5992da_JaffaCakes118
Size

362KB
Sample

240923-tmz61ssbqk
MD5

f2a2a1ff78930e3465c115672b5992da
SHA1

8b8ec549638496c5933d579cc1a429ebceffee96
SHA256

976cb27f27db00e77ffc592a8fa5e03668b2bf13e709531e60ea6911b15ec306
SHA512

9cdea4f7cd75f5f92fab819e4f2934f89b1cec2ed2353c0b2f5a9196d9bb469a205eb1278b30189d7834df094a34829d4f3da93c9b2bc6249389dd946cd42b05
SSDEEP

6144:5S6p7C/ZzSBw6q6shq6sUbN+WnQcj1LzcvZvAMa8+5KrJERbKzQ:8ZmC6sY6sUbEWnnj9CZYM/TQ

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  f2a2a1ff78930e3465c115672b5992da_JaffaCakes118
- Size
  
  362KB
- MD5
  
  f2a2a1ff78930e3465c115672b5992da
- SHA1
  
  8b8ec549638496c5933d579cc1a429ebceffee96
- SHA256
  
  976cb27f27db00e77ffc592a8fa5e03668b2bf13e709531e60ea6911b15ec306
- SHA512
  
  9cdea4f7cd75f5f92fab819e4f2934f89b1cec2ed2353c0b2f5a9196d9bb469a205eb1278b30189d7834df094a34829d4f3da93c9b2bc6249389dd946cd42b05
- SSDEEP
  
  6144:5S6p7C/ZzSBw6q6shq6sUbN+WnQcj1LzcvZvAMa8+5KrJERbKzQ:8ZmC6sY6sUbEWnnj9CZYM/TQ
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoverytrojan

behavioral2

metasploitbackdoordiscoverytrojan