metasploit | 9f4f13431118ce4c4cbf0449526b4fdd2508dade1c3e89a2c4f71c3dbede3989 | Triage

Sharing

General

Target

c56dc5ef9db2e5c9ffce880b86885635_JaffaCakes118
Size

614KB
Sample

241205-cq8twsyrcm
MD5

c56dc5ef9db2e5c9ffce880b86885635
SHA1

61c7583ca191c0dc69a99d95f403c7071d10981c
SHA256

9f4f13431118ce4c4cbf0449526b4fdd2508dade1c3e89a2c4f71c3dbede3989
SHA512

66c2f77ca2761134bf5a592076b28d46dbba23f047a596f74cd5f44a6cb64821aaa3748a60fae2258efbc679751f5e4b42de8971cf1e0aedfc916f465bd9aa73
SSDEEP

12288:9BpbqB/sZL24qFPESlQ/YSb5y4j3CiikgwKkkANPgK0CxYPIrLowcPBtUfu/X2LU:9BpG/sx24quSl4Vb5XjSiDgRXANPgK3n

Score

10^/10

metasploit backdoor discovery persistence privilege_escalation trojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

10.10.100.55:4444

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Targets

- Target
  
  c56dc5ef9db2e5c9ffce880b86885635_JaffaCakes118
- Size
  
  614KB
- MD5
  
  c56dc5ef9db2e5c9ffce880b86885635
- SHA1
  
  61c7583ca191c0dc69a99d95f403c7071d10981c
- SHA256
  
  9f4f13431118ce4c4cbf0449526b4fdd2508dade1c3e89a2c4f71c3dbede3989
- SHA512
  
  66c2f77ca2761134bf5a592076b28d46dbba23f047a596f74cd5f44a6cb64821aaa3748a60fae2258efbc679751f5e4b42de8971cf1e0aedfc916f465bd9aa73
- SSDEEP
  
  12288:9BpbqB/sZL24qFPESlQ/YSb5y4j3CiikgwKkkANPgK0CxYPIrLowcPBtUfu/X2LU:9BpG/sx24quSl4Vb5XjSiDgRXANPgK3n
Score

10^/10

metasploit backdoor discovery persistence privilege_escalation trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoverypersistenceprivilege_escalationtrojan

behavioral2

metasploitbackdoordiscoverypersistenceprivilege_escalationtrojan