metasploit | eb158c6c62b80b3793a57bef024e8963faec14f377d5d763af418b13f4bd31be | Triage

Sharing

General

Target

c89cbdac0aeef950298a1f0e0fc98d25_JaffaCakes118
Size

296KB
Sample

241205-vdhfaayrhp
MD5

c89cbdac0aeef950298a1f0e0fc98d25
SHA1

f19456969d46531c0b7e8dbc8ef1f9b245debf53
SHA256

eb158c6c62b80b3793a57bef024e8963faec14f377d5d763af418b13f4bd31be
SHA512

d707580d450dbb218dd943ad1a5e1181244c8f1516eef012454d3c1c230b46bd716285d5cd11d70d421b41112881ae1ec6121f555f63e9ecdef0b4ccb95a6bb6
SSDEEP

6144:eXAIn/4ftH77TP3i7xg8qQRY701qvDa5Fiv5dvcdW:eXAIAlTPQxqQUrYFCzcdW

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Targets

- Target
  
  c89cbdac0aeef950298a1f0e0fc98d25_JaffaCakes118
- Size
  
  296KB
- MD5
  
  c89cbdac0aeef950298a1f0e0fc98d25
- SHA1
  
  f19456969d46531c0b7e8dbc8ef1f9b245debf53
- SHA256
  
  eb158c6c62b80b3793a57bef024e8963faec14f377d5d763af418b13f4bd31be
- SHA512
  
  d707580d450dbb218dd943ad1a5e1181244c8f1516eef012454d3c1c230b46bd716285d5cd11d70d421b41112881ae1ec6121f555f63e9ecdef0b4ccb95a6bb6
- SSDEEP
  
  6144:eXAIn/4ftH77TP3i7xg8qQRY701qvDa5Fiv5dvcdW:eXAIAlTPQxqQUrYFCzcdW
Score

10^/10

discovery metasploit backdoor trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

metasploitbackdoordiscoverytrojan