metasploit | afa01ea31d1b8851d6f1e0019d89aa4b0efda83be79cf79916285051a4f042b0 | Triage

Sharing

General

Target

bee00aa04a0c303f859fe09928d67af9_JaffaCakes118
Size

252KB
Sample

241203-x52pcazmex
MD5

bee00aa04a0c303f859fe09928d67af9
SHA1

817b07124e6dcd6fa770739d4e80d66e61302480
SHA256

afa01ea31d1b8851d6f1e0019d89aa4b0efda83be79cf79916285051a4f042b0
SHA512

d9a58242cb9949def225ff33554d3f0709e0086d4c7c076d6719390c179e1861caea48fd75d3bab6a2a2126814645e9726754ac177a0134a349a285695886a91
SSDEEP

6144:S+1jLpNITtBenUaeoXZ5EHT2NP/4Y8Kc5A89Xa:5j1NYBny5EHO8ka

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Targets

- Target
  
  bee00aa04a0c303f859fe09928d67af9_JaffaCakes118
- Size
  
  252KB
- MD5
  
  bee00aa04a0c303f859fe09928d67af9
- SHA1
  
  817b07124e6dcd6fa770739d4e80d66e61302480
- SHA256
  
  afa01ea31d1b8851d6f1e0019d89aa4b0efda83be79cf79916285051a4f042b0
- SHA512
  
  d9a58242cb9949def225ff33554d3f0709e0086d4c7c076d6719390c179e1861caea48fd75d3bab6a2a2126814645e9726754ac177a0134a349a285695886a91
- SSDEEP
  
  6144:S+1jLpNITtBenUaeoXZ5EHT2NP/4Y8Kc5A89Xa:5j1NYBny5EHO8ka
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoverytrojan

behavioral2