Overview

overview

10

Static

static

3

D7CCEEB1.exe

windows7-x64

10

D7CCEEB1.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c43017cc0320c43e18aaac75b57907aa_JaffaCakes118

  • Size

    81KB

  • Sample

    241204-yxqgsaypcx

  • MD5

    c43017cc0320c43e18aaac75b57907aa

  • SHA1

    39f135088df0baee9cf96eebd38423d7bc37e3bd

  • SHA256

    decafaf1de7ecf060bdf9e58bdc7d3d22ec2c7b763764930e0120ac542009117

  • SHA512

    a17da26211e0a7ecfc102c9aec8112be1f395527e5673b62c3aa5577cf1604e759d505d9099a951ff7e07d4c92255c8a7e6200bc71407f34401005908d0f9977

  • SSDEEP

    1536:ET5M3JN9r1vdjjMFMoV1wdXbwQEGzbBC9/zEAtZkgVdPhMcA/fQ1u1:gMdrVp8WXbwQEGz09AA7V3A3Q1u1

Score
10/10
metasploitbackdoordiscoverypersistencetrojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • Target

      D7CCEEB1.EXE

    • Size

      132KB

    • MD5

      03e9933ea2e4e763a0fde8df19c9d46c

    • SHA1

      337c3d7510e830348c00ed6a861908c1272b0e30

    • SHA256

      1547d78f20bf81e657d6bdab8b8c583be27c6342be066ce9719f8794fd272b47

    • SHA512

      bc2945748db4bd4ea3d2b53430616c6f5757ce9207deca7ead37cc62c0ead33f84a3ae5dad72f06b9e4aac2cb153ebc5e092e3173d56db173416b40e241fc96a

    • SSDEEP

      3072:YeZj1jHN9B+UEAdHBgNodpEGz092A7V3WAE:jjHNvH7dHeodp30131E

    Score
    10/10
    metasploitbackdoordiscoverypersistencetrojan

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

      trojanbackdoormetasploit

    • Metasploit family

      metasploit

    • Adds policy Run key to start application

      persistence

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks