metasploit | ce235b6f27ae7d148396fea5843c2c6cf1826569f510e96f3e3bf06e8b96d19b | Triage

Sharing

General

Target

8d436371b39ffd40b038e447c41dd57d_JaffaCakes118
Size

671KB
Sample

241103-yt8tyswjfk
MD5

8d436371b39ffd40b038e447c41dd57d
SHA1

54108717243c21cbf324ece692a8a48f2a1c2a69
SHA256

ce235b6f27ae7d148396fea5843c2c6cf1826569f510e96f3e3bf06e8b96d19b
SHA512

86e25157e52f6f6f6fcbc843c4b19eed5232bd292483fa2806514ab9055aab343bde34de8bfd146f66f290a3af91023239812a55da1946a41d83dc969105c3ea
SSDEEP

12288:QgD8NVmCYCr4l6rf+4dsGmTkrdtAYU5coIz+7BIbaDHYnppO9ReK5dt:QVNsecl6rBbNzfw9BpeX2f

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Targets

- Target
  
  8d436371b39ffd40b038e447c41dd57d_JaffaCakes118
- Size
  
  671KB
- MD5
  
  8d436371b39ffd40b038e447c41dd57d
- SHA1
  
  54108717243c21cbf324ece692a8a48f2a1c2a69
- SHA256
  
  ce235b6f27ae7d148396fea5843c2c6cf1826569f510e96f3e3bf06e8b96d19b
- SHA512
  
  86e25157e52f6f6f6fcbc843c4b19eed5232bd292483fa2806514ab9055aab343bde34de8bfd146f66f290a3af91023239812a55da1946a41d83dc969105c3ea
- SSDEEP
  
  12288:QgD8NVmCYCr4l6rf+4dsGmTkrdtAYU5coIz+7BIbaDHYnppO9ReK5dt:QVNsecl6rBbNzfw9BpeX2f
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoverytrojan

behavioral2

metasploitbackdoordiscoverytrojan