metasploit | dbb1f8653534a072152dcf5a1342525f43f1d66360c36dbe95b552a656e052ab | Triage

Submit
Reports

Overview

overview

Static

static

7

ae70e848f7...18.exe

windows7-x64

ae70e848f7...18.exe

windows10-2004-x64

7

Sharing

General

Target

ae70e848f771cf4213fed3fe2d133315_JaffaCakes118
Size

1.4MB
Sample

241129-deqplswqdq
MD5

ae70e848f771cf4213fed3fe2d133315
SHA1

1cfd5997b0bad2af1483bac6d065fc466194dee3
SHA256

dbb1f8653534a072152dcf5a1342525f43f1d66360c36dbe95b552a656e052ab
SHA512

3c6fe5fb05ccdcb47f5607a18f0d899663a7eb0864086804b0164f7951b85aeab498c77ca7702658dab1035c81c936e8dd8f24c4980910e97e8144cb84999e6c
SSDEEP

24576:f+IH2bjuHmTN4JTl05UdqkYU56Upxde9+mI9zixlVHu:f+IYuwF5ObxG+Ixu

Score

10^/10

metasploit backdoor discovery evasion persistence privilege_escalation themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

ae70e848f771cf4213fed3fe2d133315_JaffaCakes118.exe

Resource

win7-20240903-en

metasploit backdoor discovery evasion persistence privilege_escalation themida trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

ae70e848f771cf4213fed3fe2d133315_JaffaCakes118.exe

Resource

win10v2004-20241007-en

discovery evasion themida

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Targets

- Target
  
  ae70e848f771cf4213fed3fe2d133315_JaffaCakes118
- Size
  
  1.4MB
- MD5
  
  ae70e848f771cf4213fed3fe2d133315
- SHA1
  
  1cfd5997b0bad2af1483bac6d065fc466194dee3
- SHA256
  
  dbb1f8653534a072152dcf5a1342525f43f1d66360c36dbe95b552a656e052ab
- SHA512
  
  3c6fe5fb05ccdcb47f5607a18f0d899663a7eb0864086804b0164f7951b85aeab498c77ca7702658dab1035c81c936e8dd8f24c4980910e97e8144cb84999e6c
- SSDEEP
  
  24576:f+IH2bjuHmTN4JTl05UdqkYU56Upxde9+mI9zixlVHu:f+IYuwF5ObxG+Ixu
Score

10^/10

metasploit backdoor discovery evasion persistence privilege_escalation themida trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Modifies security service
  evasion
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Accessibility Features

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Accessibility Features

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoveryevasionpersistenceprivilege_escalationthemidatrojan

behavioral2

discoveryevasionthemida

© 2018-2025

Terms | Privacy