metasploit | f7caac4912b9c34a9dd0ce99c91899ce6a24d3ded02d0321d21ac85defc46c34 | Triage

Sharing

General

Target

f887b8113986c093b5aaa161413db5f6_JaffaCakes118
Size

150KB
Sample

240926-rdvh3atgrf
MD5

f887b8113986c093b5aaa161413db5f6
SHA1

50601d8d1996b5ecdea292bff5dcee3b85ae26d5
SHA256

f7caac4912b9c34a9dd0ce99c91899ce6a24d3ded02d0321d21ac85defc46c34
SHA512

59555ae0a00b7659aaaa893853d2848147c747d0565e0b23ba3ec5163b547081e10b45489c9b9cbe0e49ed1eed3e3382da4580e9ecbaa453b6367a9cfe1efb45
SSDEEP

3072:viGFSUCzK7GBTEhE37TW9PjGL6+eNvPgj5j2dcRWG5IL6exdwjLiT:v5R7WTbrTULGmTdPgFj2d5/JgjLY

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  f887b8113986c093b5aaa161413db5f6_JaffaCakes118
- Size
  
  150KB
- MD5
  
  f887b8113986c093b5aaa161413db5f6
- SHA1
  
  50601d8d1996b5ecdea292bff5dcee3b85ae26d5
- SHA256
  
  f7caac4912b9c34a9dd0ce99c91899ce6a24d3ded02d0321d21ac85defc46c34
- SHA512
  
  59555ae0a00b7659aaaa893853d2848147c747d0565e0b23ba3ec5163b547081e10b45489c9b9cbe0e49ed1eed3e3382da4580e9ecbaa453b6367a9cfe1efb45
- SSDEEP
  
  3072:viGFSUCzK7GBTEhE37TW9PjGL6+eNvPgj5j2dcRWG5IL6exdwjLiT:v5R7WTbrTULGmTdPgFj2d5/JgjLY
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoverytrojan

behavioral2

metasploitbackdoordiscoverytrojan