metasploit | 48e10a914d4e2c754c223e1a6fd2a373c71de262b135a92db790de03944ea85c | Triage

Sharing

General

Target

f5939606bd81a26a63e7d75f1604f512_JaffaCakes118
Size

410KB
Sample

240925-j5rmgsvcjp
MD5

f5939606bd81a26a63e7d75f1604f512
SHA1

a21c1712f4a8900bcf0017afd3ceb1c15b791fd3
SHA256

48e10a914d4e2c754c223e1a6fd2a373c71de262b135a92db790de03944ea85c
SHA512

7bc4b3da5630a14d2612a4bb2c7a439e4de91ae357ae0db16d132d0eebd872d9f5abed0ec1a8365d4ca2cb4144867048fba9cdbaa5ae8bb8476234570121d24b
SSDEEP

6144:uwdlYcZu3veqrqAcRijtpIYvolrl9g+ymzOLPrnOKIgkKUM/CoFGR34eTmup:uTvFRpIDvv1CTLOLvqCgCj64

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Targets

- Target
  
  f5939606bd81a26a63e7d75f1604f512_JaffaCakes118
- Size
  
  410KB
- MD5
  
  f5939606bd81a26a63e7d75f1604f512
- SHA1
  
  a21c1712f4a8900bcf0017afd3ceb1c15b791fd3
- SHA256
  
  48e10a914d4e2c754c223e1a6fd2a373c71de262b135a92db790de03944ea85c
- SHA512
  
  7bc4b3da5630a14d2612a4bb2c7a439e4de91ae357ae0db16d132d0eebd872d9f5abed0ec1a8365d4ca2cb4144867048fba9cdbaa5ae8bb8476234570121d24b
- SSDEEP
  
  6144:uwdlYcZu3veqrqAcRijtpIYvolrl9g+ymzOLPrnOKIgkKUM/CoFGR34eTmup:uTvFRpIDvv1CTLOLvqCgCj64
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoverytrojan

behavioral2

metasploitbackdoordiscoverytrojan