metasploit | de1a56fa8f5b78c4e714bad8ed37490f411b93edda254561775f97446212288c | Triage

Sharing

General

Target

f4d9060f5539834826d39c1b2348857b_JaffaCakes118
Size

45KB
Sample

240925-bka51ayfld
MD5

f4d9060f5539834826d39c1b2348857b
SHA1

194c27d67b2cc9f0ab85c8715f91ceb26d0dd9b7
SHA256

de1a56fa8f5b78c4e714bad8ed37490f411b93edda254561775f97446212288c
SHA512

7ee793baa861dafec08d12a2971fa9e3915998a5c84d13b53c0736970a26633aff27f62b1facd0f59ac9242d985d4589656d39f956c3770214eebb1fc86b490f
SSDEEP

768:rQ8eDDFt8MCGnobY3s+Aqhs/JGtpA4bOaxJZUD1RUAtGiyhyETN4oTgLElZ1C:rQ8YDFtUGoU35OGHA2q1WAUiYeoTZ

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  f4d9060f5539834826d39c1b2348857b_JaffaCakes118
- Size
  
  45KB
- MD5
  
  f4d9060f5539834826d39c1b2348857b
- SHA1
  
  194c27d67b2cc9f0ab85c8715f91ceb26d0dd9b7
- SHA256
  
  de1a56fa8f5b78c4e714bad8ed37490f411b93edda254561775f97446212288c
- SHA512
  
  7ee793baa861dafec08d12a2971fa9e3915998a5c84d13b53c0736970a26633aff27f62b1facd0f59ac9242d985d4589656d39f956c3770214eebb1fc86b490f
- SSDEEP
  
  768:rQ8eDDFt8MCGnobY3s+Aqhs/JGtpA4bOaxJZUD1RUAtGiyhyETN4oTgLElZ1C:rQ8YDFtUGoU35OGHA2q1WAUiYeoTZ
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoverytrojan

behavioral2

metasploitbackdoordiscoverytrojan