metasploit | dd0ad3576017cd1d2a48866070dde950a0e8856b585277ac7116be606b279526 | Triage

Sharing

General

Target

c8aa75b0fabc010a292a579ec6d43484_JaffaCakes118
Size

226KB
Sample

241205-vph6ystmd1
MD5

c8aa75b0fabc010a292a579ec6d43484
SHA1

0c5239e8385e5c0936cfc0913ff83a9b193d8715
SHA256

dd0ad3576017cd1d2a48866070dde950a0e8856b585277ac7116be606b279526
SHA512

df16b6a15bb47713e43b04d77188b20bbbc4912b86a6d123a41af6badea42b99790adac01fcba0a8ee7c8c68899bfdcaa993c58e361c6349aa810c0c42795dc2
SSDEEP

6144:hH0AV4nDWgRAkPC4Nn/20jmgbQyjD7efH:CAoR3PCQDjhQs6H

Score

10^/10

metasploit backdoor discovery persistence trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Targets

- Target
  
  c8aa75b0fabc010a292a579ec6d43484_JaffaCakes118
- Size
  
  226KB
- MD5
  
  c8aa75b0fabc010a292a579ec6d43484
- SHA1
  
  0c5239e8385e5c0936cfc0913ff83a9b193d8715
- SHA256
  
  dd0ad3576017cd1d2a48866070dde950a0e8856b585277ac7116be606b279526
- SHA512
  
  df16b6a15bb47713e43b04d77188b20bbbc4912b86a6d123a41af6badea42b99790adac01fcba0a8ee7c8c68899bfdcaa993c58e361c6349aa810c0c42795dc2
- SSDEEP
  
  6144:hH0AV4nDWgRAkPC4Nn/20jmgbQyjD7efH:CAoR3PCQDjhQs6H
Score

10^/10

metasploit backdoor discovery persistence trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Server Software Component: Terminal Services DLL
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Server Software Component

Terminal Services DLL

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoverypersistencetrojan

behavioral2

metasploitbackdoordiscoverypersistencetrojan