metasploit | 1dd7c70148d74fdecbeb2db274c1e25163c3c62b3bfbfafada89cf83070ffe8d | Triage

Sharing

General

Target

8dbf1f129c04ce0b601405cd62ae1a31_JaffaCakes118
Size

171KB
Sample

241103-169ccswcng
MD5

8dbf1f129c04ce0b601405cd62ae1a31
SHA1

98dd02f973985cf0b095e1bb239895b92809c822
SHA256

1dd7c70148d74fdecbeb2db274c1e25163c3c62b3bfbfafada89cf83070ffe8d
SHA512

6a1ec43b6cc8495a519fa39abb1379ebfe1ae1b3d751e475b11c0a87cbdf476f255e1d525a94d575ea7eb2f47d6d8b07d526f2f2e8a19ee58296872873595a83
SSDEEP

3072:ukfkXP5KTx+KJDvTcNE/NgyJnDIBetryV1DC5jiq:ukMkAKdvTDgyD0OL5ji

Score

10^/10

metasploit backdoor discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  8dbf1f129c04ce0b601405cd62ae1a31_JaffaCakes118
- Size
  
  171KB
- MD5
  
  8dbf1f129c04ce0b601405cd62ae1a31
- SHA1
  
  98dd02f973985cf0b095e1bb239895b92809c822
- SHA256
  
  1dd7c70148d74fdecbeb2db274c1e25163c3c62b3bfbfafada89cf83070ffe8d
- SHA512
  
  6a1ec43b6cc8495a519fa39abb1379ebfe1ae1b3d751e475b11c0a87cbdf476f255e1d525a94d575ea7eb2f47d6d8b07d526f2f2e8a19ee58296872873595a83
- SSDEEP
  
  3072:ukfkXP5KTx+KJDvTcNE/NgyJnDIBetryV1DC5jiq:ukMkAKdvTDgyD0OL5ji
Score

10^/10

metasploit backdoor discovery evasion persistence privilege_escalation trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Modifies firewall policy service
  evasion
- Windows security bypass
  evasion trojan
- Modifies Windows Firewall
  evasion
- Deletes itself
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

metasploitbackdoordiscoveryevasionpersistenceprivilege_escalationtrojan