metasploit | 0dda61cd0a7b7da3e0671742af1164c22b5366120641d8ffa842424436a68874 | Triage

Sharing

General

Target

c9cb09702d6b75d5b8252df08dcd0027_JaffaCakes118
Size

496KB
Sample

241205-2ywxqsspgn
MD5

c9cb09702d6b75d5b8252df08dcd0027
SHA1

6f970d037569f0cbce6f7fe69138c6a420d0c6f4
SHA256

0dda61cd0a7b7da3e0671742af1164c22b5366120641d8ffa842424436a68874
SHA512

5b99d0e832e6572802330ecfa02b28e768b240d3ad7f04a645100e20cd4719b8931cbe40062a0148f7e13aef1f9facf27b2f7cb92988454bf891de2688fac326
SSDEEP

6144:n3sGVHIL/GWMn5XQWSI6UpWuLU/ivGVpR+Lcdu/BeBsZPJjgfaL+Kl6:cAjnAWcUI04ieYyuckPJ8Ic

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Targets

- Target
  
  c9cb09702d6b75d5b8252df08dcd0027_JaffaCakes118
- Size
  
  496KB
- MD5
  
  c9cb09702d6b75d5b8252df08dcd0027
- SHA1
  
  6f970d037569f0cbce6f7fe69138c6a420d0c6f4
- SHA256
  
  0dda61cd0a7b7da3e0671742af1164c22b5366120641d8ffa842424436a68874
- SHA512
  
  5b99d0e832e6572802330ecfa02b28e768b240d3ad7f04a645100e20cd4719b8931cbe40062a0148f7e13aef1f9facf27b2f7cb92988454bf891de2688fac326
- SSDEEP
  
  6144:n3sGVHIL/GWMn5XQWSI6UpWuLU/ivGVpR+Lcdu/BeBsZPJjgfaL+Kl6:cAjnAWcUI04ieYyuckPJ8Ic
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoverytrojan

behavioral2

metasploitbackdoordiscoverytrojan