metasploit | 61aa531af8b25f9f62027debbc860e4d18a7fe9a4f7744a7d596c32b94ba2699 | Triage

Sharing

General

Target

f88ea9233fec35960bbb4feeabcff945_JaffaCakes118
Size

137KB
Sample

240926-rpypvs1gnn
MD5

f88ea9233fec35960bbb4feeabcff945
SHA1

c28c78118273d41865321b9904fccd820b18bb53
SHA256

61aa531af8b25f9f62027debbc860e4d18a7fe9a4f7744a7d596c32b94ba2699
SHA512

7c930e5c5fdd6669611a45a378ee5467d5b5d947d61c6201a7b21f926d53c9bc1a05554eb139c4a024e675acbbab8ea7e557b7e01aa0dd8d4a9fb15fc6d73f4a
SSDEEP

3072:lghyf/VUpgyY9xhGhy3otLz/a+sjBriJFyokBfpzbh+C2oQCZv6:WCSgJ9xhG2Ya+G2yoW9bhrr3B6

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  f88ea9233fec35960bbb4feeabcff945_JaffaCakes118
- Size
  
  137KB
- MD5
  
  f88ea9233fec35960bbb4feeabcff945
- SHA1
  
  c28c78118273d41865321b9904fccd820b18bb53
- SHA256
  
  61aa531af8b25f9f62027debbc860e4d18a7fe9a4f7744a7d596c32b94ba2699
- SHA512
  
  7c930e5c5fdd6669611a45a378ee5467d5b5d947d61c6201a7b21f926d53c9bc1a05554eb139c4a024e675acbbab8ea7e557b7e01aa0dd8d4a9fb15fc6d73f4a
- SSDEEP
  
  3072:lghyf/VUpgyY9xhGhy3otLz/a+sjBriJFyokBfpzbh+C2oQCZv6:WCSgJ9xhG2Ya+G2yoW9bhrr3B6
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoverytrojan

behavioral2

metasploitbackdoordiscoverytrojan