metasploit | 155619df9b513c86d72f40826dda5f6a9e1255b58b2e0cd12824302db83fbdda | Triage

Sharing

General

Target

d7838068af0b26b55299c8c13fe5320b_JaffaCakes118
Size

14KB
Sample

241208-rs1cvswlgy
MD5

d7838068af0b26b55299c8c13fe5320b
SHA1

b399f7e471fdc00c530f5144e33d4bf065ace6b4
SHA256

155619df9b513c86d72f40826dda5f6a9e1255b58b2e0cd12824302db83fbdda
SHA512

33791b4d4cea44434bb7045690ef81c17c3f3abbddf4c017d8a2d20fdc8bd17b46ea0f5659878f68eb4b51a213df368dea4ce3024810982b453cf3a97f4a7064
SSDEEP

192:sFtEfQbHt9uLoYjeSQyvZOQ5xNPU2kG6TjLFpHnm6WxjP3WIsJNc:atuc7YCoYQXNPhk5fLFpH7WhOhN

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

192.168.244.244:4444

Targets

- Target
  
  d7838068af0b26b55299c8c13fe5320b_JaffaCakes118
- Size
  
  14KB
- MD5
  
  d7838068af0b26b55299c8c13fe5320b
- SHA1
  
  b399f7e471fdc00c530f5144e33d4bf065ace6b4
- SHA256
  
  155619df9b513c86d72f40826dda5f6a9e1255b58b2e0cd12824302db83fbdda
- SHA512
  
  33791b4d4cea44434bb7045690ef81c17c3f3abbddf4c017d8a2d20fdc8bd17b46ea0f5659878f68eb4b51a213df368dea4ce3024810982b453cf3a97f4a7064
- SSDEEP
  
  192:sFtEfQbHt9uLoYjeSQyvZOQ5xNPU2kG6TjLFpHnm6WxjP3WIsJNc:atuc7YCoYQXNPhk5fLFpH7WhOhN
Score

10^/10

discovery metasploit backdoor trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

metasploitbackdoordiscoverytrojan