metasploit | d8d98aca37ca3d943cc7514a7977c3323eeecceb9e7b12015f2932dba3cd6eab | Triage

Sharing

General

Target

f2d8d3ef1d5623bdfa9a0eebd4fc2266_JaffaCakes118
Size

272KB
Sample

240923-wt52yswdmj
MD5

f2d8d3ef1d5623bdfa9a0eebd4fc2266
SHA1

1a86274d2db5433939ed092da2aa9061b81f4d70
SHA256

d8d98aca37ca3d943cc7514a7977c3323eeecceb9e7b12015f2932dba3cd6eab
SHA512

189d3760dd2cc2521423bd3c1d7ce80a9160efbf50239a32dde000b6ee5725735f5e8bae581ab800ddd00211c3e13838b3fb40ae2d4fb5805f7126c55528de4a
SSDEEP

6144:d/H+8pmvtzHm48oilMAOSf0XFdkzR9CnPYlt8:dv+Ym1Y0AOSfaeR0nwf8

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  f2d8d3ef1d5623bdfa9a0eebd4fc2266_JaffaCakes118
- Size
  
  272KB
- MD5
  
  f2d8d3ef1d5623bdfa9a0eebd4fc2266
- SHA1
  
  1a86274d2db5433939ed092da2aa9061b81f4d70
- SHA256
  
  d8d98aca37ca3d943cc7514a7977c3323eeecceb9e7b12015f2932dba3cd6eab
- SHA512
  
  189d3760dd2cc2521423bd3c1d7ce80a9160efbf50239a32dde000b6ee5725735f5e8bae581ab800ddd00211c3e13838b3fb40ae2d4fb5805f7126c55528de4a
- SSDEEP
  
  6144:d/H+8pmvtzHm48oilMAOSf0XFdkzR9CnPYlt8:dv+Ym1Y0AOSfaeR0nwf8
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoverytrojan

behavioral2

metasploitbackdoordiscoverytrojan