metasploit | 7fc428d3d81f070ddadaa04b22268f0c48513c07a6cb8bb981c5a0b53c7a5ee3 | Triage

Sharing

General

Target

f7ccad9ff12aa38a3b2b9887485cad56_JaffaCakes118
Size

294KB
Sample

240926-hkleaswcqc
MD5

f7ccad9ff12aa38a3b2b9887485cad56
SHA1

78d71be9e51d25754bd148b1ac168dbcb92c6184
SHA256

7fc428d3d81f070ddadaa04b22268f0c48513c07a6cb8bb981c5a0b53c7a5ee3
SHA512

8e6c629637260e76c802c219442d2de34bb08f3dab26a77376d725eb31c888e49bae58176197e2660d0f06a1806c13e7eebebadc5ae908be963c6aabca5438f1
SSDEEP

6144:FpjkUdnUwHP0Ea+DppEBpZ+uIb1u1wyguu:FpjkUBLJa+DTYD+n6Lru

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Targets

- Target
  
  f7ccad9ff12aa38a3b2b9887485cad56_JaffaCakes118
- Size
  
  294KB
- MD5
  
  f7ccad9ff12aa38a3b2b9887485cad56
- SHA1
  
  78d71be9e51d25754bd148b1ac168dbcb92c6184
- SHA256
  
  7fc428d3d81f070ddadaa04b22268f0c48513c07a6cb8bb981c5a0b53c7a5ee3
- SHA512
  
  8e6c629637260e76c802c219442d2de34bb08f3dab26a77376d725eb31c888e49bae58176197e2660d0f06a1806c13e7eebebadc5ae908be963c6aabca5438f1
- SSDEEP
  
  6144:FpjkUdnUwHP0Ea+DppEBpZ+uIb1u1wyguu:FpjkUBLJa+DTYD+n6Lru
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoverytrojan

behavioral2

metasploitbackdoordiscoverytrojan