metasploit | 12328c3a65d746a4205c2b27f7e884212c2c7c515eb127788b371ea96e000372 | Triage

Sharing

General

Target

b352690c5cabe0b0d2bb4300a2e8d78b_JaffaCakes118
Size

496KB
Sample

241129-yyy6batpet
MD5

b352690c5cabe0b0d2bb4300a2e8d78b
SHA1

c5e3f94b8e4335d4c8d062efad6c215e7cdc6616
SHA256

12328c3a65d746a4205c2b27f7e884212c2c7c515eb127788b371ea96e000372
SHA512

103775f213655b829019282d97d901e5fe78e81eab7fc521486dcc7244d6ce9fdb0d82e0108d5854d496421c331e3570fc205837da7a3f98e4cdfd45c0156bdf
SSDEEP

12288:deUDKuE/KOFuxc0bWN+NOO3MqHpiCIbflrMUs:de1LhsNbWN+TMqJADFMv

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Targets

- Target
  
  b352690c5cabe0b0d2bb4300a2e8d78b_JaffaCakes118
- Size
  
  496KB
- MD5
  
  b352690c5cabe0b0d2bb4300a2e8d78b
- SHA1
  
  c5e3f94b8e4335d4c8d062efad6c215e7cdc6616
- SHA256
  
  12328c3a65d746a4205c2b27f7e884212c2c7c515eb127788b371ea96e000372
- SHA512
  
  103775f213655b829019282d97d901e5fe78e81eab7fc521486dcc7244d6ce9fdb0d82e0108d5854d496421c331e3570fc205837da7a3f98e4cdfd45c0156bdf
- SSDEEP
  
  12288:deUDKuE/KOFuxc0bWN+NOO3MqHpiCIbflrMUs:de1LhsNbWN+TMqJADFMv
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoverytrojan

behavioral2

metasploitbackdoordiscoverytrojan