metasploit | ef6da08c352bb37d39309452aea7102977e694c4f0d16e039e7e75603320e093 | Triage

Submit
Reports

Overview

overview

Static

static

3

994f71a2e8...18.exe

windows7-x64

994f71a2e8...18.exe

windows10-2004-x64

Sharing

General

Target

994f71a2e836a5573c51892cd861d77f_JaffaCakes118
Size

44KB
Sample

241125-fe484szjax
MD5

994f71a2e836a5573c51892cd861d77f
SHA1

8eeee768621e18e73727bc660ef0c59813cec5b6
SHA256

ef6da08c352bb37d39309452aea7102977e694c4f0d16e039e7e75603320e093
SHA512

04d67e3c75eb5406ae3a29d00da6b0f79aea4f76165bebe896065be4c92ede679ea7a15188addb5b6308403457d188f20c21a3824d4ab316d8a6c47f3fdb54d5
SSDEEP

768:8OBV+Yd09bhmYP9ZYgHgMpOzT4E9hbe/VYhZvtZwVMt09sCjpZJ6ODy72qR:YYd0bHLIh7y/eJZwVk0XjPJpD9qR

Score

10^/10

metasploit backdoor discovery evasion persistence trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

994f71a2e836a5573c51892cd861d77f_JaffaCakes118.exe

Resource

win7-20241023-en

metasploit backdoor discovery evasion persistence trojan upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

994f71a2e836a5573c51892cd861d77f_JaffaCakes118.exe

Resource

win10v2004-20241007-en

metasploit backdoor discovery evasion persistence trojan upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  994f71a2e836a5573c51892cd861d77f_JaffaCakes118
- Size
  
  44KB
- MD5
  
  994f71a2e836a5573c51892cd861d77f
- SHA1
  
  8eeee768621e18e73727bc660ef0c59813cec5b6
- SHA256
  
  ef6da08c352bb37d39309452aea7102977e694c4f0d16e039e7e75603320e093
- SHA512
  
  04d67e3c75eb5406ae3a29d00da6b0f79aea4f76165bebe896065be4c92ede679ea7a15188addb5b6308403457d188f20c21a3824d4ab316d8a6c47f3fdb54d5
- SSDEEP
  
  768:8OBV+Yd09bhmYP9ZYgHgMpOzT4E9hbe/VYhZvtZwVMt09sCjpZJ6ODy72qR:YYd0bHLIh7y/eJZwVk0XjPJpD9qR
Score

10^/10

metasploit backdoor discovery evasion persistence trojan upx
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoveryevasionpersistencetrojanupx

behavioral2

metasploitbackdoordiscoveryevasionpersistencetrojanupx

© 2018-2025

Terms | Privacy