metasploit | ed5a9a1c778f6e8e1a9bed714a1d4f6182afed163795bbb79125ae8d77affdf7 | Triage

Sharing

General

Target

3f4a1b440a09c566d051caf5f4a3ca42_JaffaCakes118
Size

389KB
Sample

241013-mcdrps1era
MD5

3f4a1b440a09c566d051caf5f4a3ca42
SHA1

c4732a88454edeef6e218aa799f9d015adb10de4
SHA256

ed5a9a1c778f6e8e1a9bed714a1d4f6182afed163795bbb79125ae8d77affdf7
SHA512

cba7fbf9e861f4ff581a9ede6a1f8f88cd8f5786b8031ed54c984f2316b026cd945861e61885dddee5b83ac7a73edc0fe3a2ac54281ebd4b0aae2cbec93d1b7c
SSDEEP

12288:BT5nOImh/vcqEt1u8hlQDdSDj1xAuSu0tt:1QIm9soSDj1xT30X

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  3f4a1b440a09c566d051caf5f4a3ca42_JaffaCakes118
- Size
  
  389KB
- MD5
  
  3f4a1b440a09c566d051caf5f4a3ca42
- SHA1
  
  c4732a88454edeef6e218aa799f9d015adb10de4
- SHA256
  
  ed5a9a1c778f6e8e1a9bed714a1d4f6182afed163795bbb79125ae8d77affdf7
- SHA512
  
  cba7fbf9e861f4ff581a9ede6a1f8f88cd8f5786b8031ed54c984f2316b026cd945861e61885dddee5b83ac7a73edc0fe3a2ac54281ebd4b0aae2cbec93d1b7c
- SSDEEP
  
  12288:BT5nOImh/vcqEt1u8hlQDdSDj1xAuSu0tt:1QIm9soSDj1xT30X
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoverytrojan

behavioral2