metasploit | 8c6eab0b1163cbc7248147140aeedfcb087c2ba32f0bbfe2f5f3b1ea3324faf1 | Triage

Sharing

General

Target

aad40fa7ba4a04bf786db011780df4e8_JaffaCakes118
Size

14KB
Sample

241128-d5n9gatnbs
MD5

aad40fa7ba4a04bf786db011780df4e8
SHA1

7f76fd47b74f8afbe800d6aa84b8873aaff87181
SHA256

8c6eab0b1163cbc7248147140aeedfcb087c2ba32f0bbfe2f5f3b1ea3324faf1
SHA512

8ef4f2a77637652cdc1ba6666d57cc728e10ac702235cd5ecb6bd7683e76035d2de31dc3b4e9d81dbcc530db2a4e6eb02c6df7f7783878e5d267b39c3e50c408
SSDEEP

48:6D640H+VzPiZerMpZytjWeyLhnhIAsYBlnfcpKq/hHeq0JEI0oqtIzNi:WmHGzq6tjW33XlfCJhsJNcy

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/reverse_tcp_allports

C2

192.168.1.116:30000

Targets

- Target
  
  aad40fa7ba4a04bf786db011780df4e8_JaffaCakes118
- Size
  
  14KB
- MD5
  
  aad40fa7ba4a04bf786db011780df4e8
- SHA1
  
  7f76fd47b74f8afbe800d6aa84b8873aaff87181
- SHA256
  
  8c6eab0b1163cbc7248147140aeedfcb087c2ba32f0bbfe2f5f3b1ea3324faf1
- SHA512
  
  8ef4f2a77637652cdc1ba6666d57cc728e10ac702235cd5ecb6bd7683e76035d2de31dc3b4e9d81dbcc530db2a4e6eb02c6df7f7783878e5d267b39c3e50c408
- SSDEEP
  
  48:6D640H+VzPiZerMpZytjWeyLhnhIAsYBlnfcpKq/hHeq0JEI0oqtIzNi:WmHGzq6tjW33XlfCJhsJNcy
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoverytrojan

behavioral2

metasploitbackdoordiscoverytrojan