metasploit | 466b9d6afa39a314d0a06b7d4539fec5275bff5632372d0bbe3acb1459a7472e | Triage

Sharing

General

Target

a3edf0c3dc5851388aed95af479e805c_JaffaCakes118
Size

88KB
Sample

241126-y4j9cavjbm
MD5

a3edf0c3dc5851388aed95af479e805c
SHA1

26bd63a068956adaf202367572102b43b4f2bb12
SHA256

466b9d6afa39a314d0a06b7d4539fec5275bff5632372d0bbe3acb1459a7472e
SHA512

62645043a5193c949374bd92ffdde6c86aa336b1580ffee8b0a956f908540df7432e440bffb368de0ea5aa43bb0fb55172ccee14d424b74f8b7d405795fb4174
SSDEEP

1536:8+iFaEtB4Y//aXoo7YMMHY638X7QTW3j/VFVi/MV2CJMfdT:8+iFaEtiY/iXooMMMh387CW3j/j4SAT

Score

10^/10

metasploit backdoor discovery persistence trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  a3edf0c3dc5851388aed95af479e805c_JaffaCakes118
- Size
  
  88KB
- MD5
  
  a3edf0c3dc5851388aed95af479e805c
- SHA1
  
  26bd63a068956adaf202367572102b43b4f2bb12
- SHA256
  
  466b9d6afa39a314d0a06b7d4539fec5275bff5632372d0bbe3acb1459a7472e
- SHA512
  
  62645043a5193c949374bd92ffdde6c86aa336b1580ffee8b0a956f908540df7432e440bffb368de0ea5aa43bb0fb55172ccee14d424b74f8b7d405795fb4174
- SSDEEP
  
  1536:8+iFaEtB4Y//aXoo7YMMHY638X7QTW3j/VFVi/MV2CJMfdT:8+iFaEtiY/iXooMMMh387CW3j/j4SAT
Score

10^/10

metasploit backdoor discovery persistence trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoverypersistencetrojan

behavioral2

metasploitbackdoordiscoverypersistencetrojan