metasploit | 1e3ef83406a2e352a1fa26f318d6bd208d93a115b392c3a2e79a7caaab2f91d7 | Triage

Sharing

General

Target

bf19fec7f8810c0ddb23cba97afa7e77_JaffaCakes118
Size

326KB
Sample

241203-y91hhsyjfq
MD5

bf19fec7f8810c0ddb23cba97afa7e77
SHA1

42ae94f6004ba042951f0e26a6282b78df857df3
SHA256

1e3ef83406a2e352a1fa26f318d6bd208d93a115b392c3a2e79a7caaab2f91d7
SHA512

87ad2135faed1db18b96c61c11af8cec82006c5dc59d22fdb012b4d4e534266849509eec5d589906f8197d21dae752e7d3830ded64ef6144dabb6e284ee2d6fd
SSDEEP

6144:9lAauzvsND84HrYDIc6BkWEYD62hL2zv9CBaIFKC7vmVF7FglO4N:9TuzkNmMRBnD628xFIvwK

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  bf19fec7f8810c0ddb23cba97afa7e77_JaffaCakes118
- Size
  
  326KB
- MD5
  
  bf19fec7f8810c0ddb23cba97afa7e77
- SHA1
  
  42ae94f6004ba042951f0e26a6282b78df857df3
- SHA256
  
  1e3ef83406a2e352a1fa26f318d6bd208d93a115b392c3a2e79a7caaab2f91d7
- SHA512
  
  87ad2135faed1db18b96c61c11af8cec82006c5dc59d22fdb012b4d4e534266849509eec5d589906f8197d21dae752e7d3830ded64ef6144dabb6e284ee2d6fd
- SSDEEP
  
  6144:9lAauzvsND84HrYDIc6BkWEYD62hL2zv9CBaIFKC7vmVF7FglO4N:9TuzkNmMRBnD628xFIvwK
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoverytrojan

behavioral2