metasploit | ce4ab38153192c36ba73f9ad864c5accd00a380fbb3d8bf408b5d5f2ca8a2909 | Triage

Sharing

General

Target

c7fe68e6099b569defcb2604d7199d69_JaffaCakes118
Size

743KB
Sample

241205-q33ejaxkav
MD5

c7fe68e6099b569defcb2604d7199d69
SHA1

542f3c4066a044f1e34ced019fca8dd4e2430ccc
SHA256

ce4ab38153192c36ba73f9ad864c5accd00a380fbb3d8bf408b5d5f2ca8a2909
SHA512

0a5e454fd2f7295700d32e1e741bf204bab7629472e1268c74e3c04ff429110e1c4b24d7fa72daa708e7eff77f6b0b943633bc9e3608fe496cd3d24d6065ad07
SSDEEP

12288:+ANXlD0nHUJfoaHuLSbJpU2ZT5ONE+2oZJy/kMpCfeU59gW/n8vuhdCg/NcnJ+M5:+O90ncbHS+zUfE+N4VSfXgW/XdCeu+MK

Score

10^/10

metasploit backdoor discovery evasion trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  c7fe68e6099b569defcb2604d7199d69_JaffaCakes118
- Size
  
  743KB
- MD5
  
  c7fe68e6099b569defcb2604d7199d69
- SHA1
  
  542f3c4066a044f1e34ced019fca8dd4e2430ccc
- SHA256
  
  ce4ab38153192c36ba73f9ad864c5accd00a380fbb3d8bf408b5d5f2ca8a2909
- SHA512
  
  0a5e454fd2f7295700d32e1e741bf204bab7629472e1268c74e3c04ff429110e1c4b24d7fa72daa708e7eff77f6b0b943633bc9e3608fe496cd3d24d6065ad07
- SSDEEP
  
  12288:+ANXlD0nHUJfoaHuLSbJpU2ZT5ONE+2oZJy/kMpCfeU59gW/n8vuhdCg/NcnJ+M5:+O90ncbHS+zUfE+N4VSfXgW/XdCeu+MK
Score

10^/10

metasploit backdoor discovery evasion trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Drops file in Drivers directory
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoveryevasiontrojan

behavioral2

discoveryevasion