General

  • Target

    9369b8bc861693349302f1a5d7a91db9_JaffaCakes118

  • Size

    21KB

  • Sample

    241124-jse3xs1lbw

  • MD5

    9369b8bc861693349302f1a5d7a91db9

  • SHA1

    a48c89ba89c3636e488c918c66062bc395338b6e

  • SHA256

    cc8235d313d53dc6cf917754f2b8da13ac43251d1a0774548ee3d4a85bf46505

  • SHA512

    b73cc922fbb185e71326322c41669e1aa333ed98ff77854b65e81ba3a3eabeead1c24ab3d7b4822646a06f62ca7e9683d5724d3576248b8efb560da709de9c8d

  • SSDEEP

    384:FoLPkmm59gA7UW5B5T80S9V3chiy8ZVtfqH6VAnLBrJh8mA:ycmE7UWFw0qs0y8ZVtBV6E

Malware Config

Extracted

  • Family

    metasploit

  • Version

    encoder/fnstenv_mov

Targets

    • Target

      ms06040rpc/ms06040rpc(修改版)/ms06040rpc/8免费木马免杀脚本检测培训.htm

    • Size

      36KB

    • MD5

      0e198328ed663871fcf373a3cdbb3102

    • SHA1

      44c47a862eecd315c3e480a6c111dfe52c9edaf0

    • SHA256

      d5a226f453f21b8f2e20322d00b2d2af1d9c7cd91f850c4e0e18adf72348653f

    • SHA512

      9ce66337470f53203ff552b1858598b5bcb0d37f3e4cc0877aa858cb7c5e36942a2b72e0b560b0c08cae148686d455925d0951149696d64007cea365a5ff2420

    • SSDEEP

      768:n8N3RPFwgNvraFmzkf+THOpgRVHAxSJbyx06yx0HYz+x0HY8yx0Hkw7hJJqq2sz8:nQ3RXlraFmYDmsNKhJ0q2szGwkPpocM2

    • Score

      3/10

    • Target

      ms06040rpc/ms06040rpc(修改版)/ms06040rpc/9新世纪网安培训基地.url

    • Size

      135B

    • MD5

      bc9a3e4848e10ef0e63c899d70084b0a

    • SHA1

      aa5369140617b0c429b6c9101e8062dfbc9c8a76

    • SHA256

      5cd91db00ea9f35dcdb8fa81906c7589e2b1f1ecdcc1bbefa8c0b128b1d149a0

    • SHA512

      780e2766e96b0fe1fc086464701913bb119e72a5b18dab8aec728d2cc27865ab7a19c293f080d2cfb67ecbea59f87117a7a8f970ec6a44326729bb4996510719

    • Score

      1/10

    • Target

      ms06040rpc/ms06040rpc(修改版)/ms06040rpc/ms06040rpc.exe

    • Size

      17KB

    • MD5

      5f453827080100fbaa64c21348d34a95

    • SHA1

      70739552efafd55086a81faf57e64dc7cf403db5

    • SHA256

      1fcf84baebf6a91cf80e2f34f1ec572a6042fce0744136aec6e4f63d94d8812e

    • SHA512

      5c597abb0725b286d157ca6266a61d31bad97026ca488c66d6a197f41772d9d361c1ab9922960bdaf84b2887065b8c8b54c0ecfadff73dded1751961e36a7597

    • SSDEEP

      384:t+T2vDJs9kcwtu8QzLeDmI1fmT+cczeBvDsnaIyS8PwzjEasVd:MT2ts+cN+D1wFczeB7TSeAEasP

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Metasploit family
