metasploit | f283e2639468c3343b59de6d939db0cca34bb9351c3c213c02165ff70bf052cf | Triage

Sharing

General

Target

acd2661a71a229c77c63cb260657e995_JaffaCakes118
Size

320KB
Sample

241128-s5hh9a1rh1
MD5

acd2661a71a229c77c63cb260657e995
SHA1

8d6190883e231a946abd5c03822b85ff8c16f2b7
SHA256

f283e2639468c3343b59de6d939db0cca34bb9351c3c213c02165ff70bf052cf
SHA512

9362c7d22bc78a6ae351d0771be9e1a4739a4557a4991c97ce4990cea16035dfb110dff1ce8362b55e0e3e184f617321e59c5428f42e6d7641d0cf419c7b9639
SSDEEP

6144:kfiSMzzsnQ3WL24QFzF77OjcJEVSj090xrG8i6obi1:kfrMzzsnGWyEcCK1rG8HoA

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  acd2661a71a229c77c63cb260657e995_JaffaCakes118
- Size
  
  320KB
- MD5
  
  acd2661a71a229c77c63cb260657e995
- SHA1
  
  8d6190883e231a946abd5c03822b85ff8c16f2b7
- SHA256
  
  f283e2639468c3343b59de6d939db0cca34bb9351c3c213c02165ff70bf052cf
- SHA512
  
  9362c7d22bc78a6ae351d0771be9e1a4739a4557a4991c97ce4990cea16035dfb110dff1ce8362b55e0e3e184f617321e59c5428f42e6d7641d0cf419c7b9639
- SSDEEP
  
  6144:kfiSMzzsnQ3WL24QFzF77OjcJEVSj090xrG8i6obi1:kfrMzzsnGWyEcCK1rG8HoA
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoverytrojan

behavioral2

metasploitbackdoordiscoverytrojan