metasploit | 1a248a52f78dc5dad37a0eabd2beb47480890e1742707d4780cd454e4791bcb4 | Triage

Sharing

General

Target

abe300564511a30fae7e7248f704b7e1_JaffaCakes118
Size

548KB
Sample

241128-lr5cjatlfv
MD5

abe300564511a30fae7e7248f704b7e1
SHA1

43954340f7dcee1cc820d7f6533362d31a8b2485
SHA256

1a248a52f78dc5dad37a0eabd2beb47480890e1742707d4780cd454e4791bcb4
SHA512

88be09fbfafffbdfecf167ccfa23a0992114c30e9e3ebcf0e5c8a0092251ee645e6ef8bbcc93a9e531758ec5f9e258c48ab78442be91503b7fc12e60e852f0d8
SSDEEP

12288:qdnY2XPBf5kesOWlUYB3kNNQYP1YNwjsvd:2nHXPB5kdBUEYP1gwAvd

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Targets

- Target
  
  abe300564511a30fae7e7248f704b7e1_JaffaCakes118
- Size
  
  548KB
- MD5
  
  abe300564511a30fae7e7248f704b7e1
- SHA1
  
  43954340f7dcee1cc820d7f6533362d31a8b2485
- SHA256
  
  1a248a52f78dc5dad37a0eabd2beb47480890e1742707d4780cd454e4791bcb4
- SHA512
  
  88be09fbfafffbdfecf167ccfa23a0992114c30e9e3ebcf0e5c8a0092251ee645e6ef8bbcc93a9e531758ec5f9e258c48ab78442be91503b7fc12e60e852f0d8
- SSDEEP
  
  12288:qdnY2XPBf5kesOWlUYB3kNNQYP1YNwjsvd:2nHXPB5kdBUEYP1gwAvd
Score

10^/10

discovery metasploit backdoor trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

metasploitbackdoordiscoverytrojan