metasploit | 949e52ef1187b9145c0606367c4e51f4c11460f1000edb4fca9787e1a025db2c | Triage

Submit
Reports

Overview

overview

Static

static

5

f33be23c32...18.exe

windows7-x64

f33be23c32...18.exe

windows10-2004-x64

Sharing

General

Target

f33be23c32dd6fd5c0a4e83ddf60d52e_JaffaCakes118
Size

767KB
Sample

240924-ker11a1crg
MD5

f33be23c32dd6fd5c0a4e83ddf60d52e
SHA1

84634e72f98c11bde6f29931bb5fded021e598e8
SHA256

949e52ef1187b9145c0606367c4e51f4c11460f1000edb4fca9787e1a025db2c
SHA512

8dc316539627dedfd2e2002758d635e09ee029a767e76196785b4fe3ccc8eab7b64b754c3478484fe4ce693e77526d3256c4b3b79b3237812988dfdc34b9376c
SSDEEP

12288:chkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcbNRX5c28whhZME:URmJkcoQricOIQxiZY1WNRXP8wnZME

Score

10^/10

metasploit backdoor discovery trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

f33be23c32dd6fd5c0a4e83ddf60d52e_JaffaCakes118.exe

Resource

win7-20240903-en

metasploit backdoor discovery trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

f33be23c32dd6fd5c0a4e83ddf60d52e_JaffaCakes118.exe

Resource

win10v2004-20240802-en

metasploit backdoor discovery trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

192.168.1.105:4444

Targets

- Target
  
  f33be23c32dd6fd5c0a4e83ddf60d52e_JaffaCakes118
- Size
  
  767KB
- MD5
  
  f33be23c32dd6fd5c0a4e83ddf60d52e
- SHA1
  
  84634e72f98c11bde6f29931bb5fded021e598e8
- SHA256
  
  949e52ef1187b9145c0606367c4e51f4c11460f1000edb4fca9787e1a025db2c
- SHA512
  
  8dc316539627dedfd2e2002758d635e09ee029a767e76196785b4fe3ccc8eab7b64b754c3478484fe4ce693e77526d3256c4b3b79b3237812988dfdc34b9376c
- SSDEEP
  
  12288:chkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcbNRX5c28whhZME:URmJkcoQricOIQxiZY1WNRXP8wnZME
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoverytrojan

behavioral2

metasploitbackdoordiscoverytrojan

© 2018-2025

Terms | Privacy