metasploit | 123ec919207604d2f08ad9419ce7d1ba7112009973796835c5bc86152830dc2c | Triage

Sharing

General

Target

cd41210fd5842246730ea806cd312b2d_JaffaCakes118
Size

172KB
Sample

241206-qrybfazkez
MD5

cd41210fd5842246730ea806cd312b2d
SHA1

f6fc62d692bd43c070ec5715909a192f97f26c54
SHA256

123ec919207604d2f08ad9419ce7d1ba7112009973796835c5bc86152830dc2c
SHA512

8d6868c8594c44082d133c4d6f22c497db1a174f30a6818b71e6e630b9b2aa847a2d78af10017403b87fd95457119f65c6d629152832e32ee8efac8346986218
SSDEEP

3072:doixrduqW9Goin4lZoD9d16zVfMZ2KKNRdTaB:mW5jOA96xrRd

Score

10^/10

metasploit backdoor discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  cd41210fd5842246730ea806cd312b2d_JaffaCakes118
- Size
  
  172KB
- MD5
  
  cd41210fd5842246730ea806cd312b2d
- SHA1
  
  f6fc62d692bd43c070ec5715909a192f97f26c54
- SHA256
  
  123ec919207604d2f08ad9419ce7d1ba7112009973796835c5bc86152830dc2c
- SHA512
  
  8d6868c8594c44082d133c4d6f22c497db1a174f30a6818b71e6e630b9b2aa847a2d78af10017403b87fd95457119f65c6d629152832e32ee8efac8346986218
- SSDEEP
  
  3072:doixrduqW9Goin4lZoD9d16zVfMZ2KKNRdTaB:mW5jOA96xrRd
Score

10^/10

metasploit backdoor discovery evasion persistence privilege_escalation trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Modifies WinLogon for persistence
  persistence
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Looks for VMWare Tools registry key
  evasion
- Modifies Windows Firewall
  evasion
- Deletes itself
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

metasploitbackdoordiscoveryevasionpersistenceprivilege_escalationtrojan