metasploit | bb2e9955dc4978105b509db18d0e3d461b842233a820b1c3f2b4a98fa565b48a | Triage

Submit
Reports

Overview

overview

Static

static

3

da3b3abdaf...18.exe

windows7-x64

da3b3abdaf...18.exe

windows10-2004-x64

Sharing

General

Target

da3b3abdafffdf7c1e753adb04ac050d_JaffaCakes118
Size

180KB
Sample

241209-skelvswqcl
MD5

da3b3abdafffdf7c1e753adb04ac050d
SHA1

5f12a97ec90418047f135d746ec36f778ce1e2ef
SHA256

bb2e9955dc4978105b509db18d0e3d461b842233a820b1c3f2b4a98fa565b48a
SHA512

1a68e27497d4eeb0607983d134cbd265057ec601bb269036b76b8a5bc2e86ed1a720959df35b4397d8677eab09d9e59d9891ec6f5438cb13a8776bd378f731ba
SSDEEP

3072:4/u4HPElLA8tyHCIQVsM+VUq/l0BgVB9JktJha3xd:iugEtyH/Qr+Uq/VBJkfhY

Score

10^/10

metasploit backdoor discovery evasion persistence trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

da3b3abdafffdf7c1e753adb04ac050d_JaffaCakes118.exe

Resource

win7-20240903-en

metasploit backdoor discovery trojan upx

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

da3b3abdafffdf7c1e753adb04ac050d_JaffaCakes118.exe

Resource

win10v2004-20241007-en

metasploit backdoor discovery evasion persistence trojan upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  da3b3abdafffdf7c1e753adb04ac050d_JaffaCakes118
- Size
  
  180KB
- MD5
  
  da3b3abdafffdf7c1e753adb04ac050d
- SHA1
  
  5f12a97ec90418047f135d746ec36f778ce1e2ef
- SHA256
  
  bb2e9955dc4978105b509db18d0e3d461b842233a820b1c3f2b4a98fa565b48a
- SHA512
  
  1a68e27497d4eeb0607983d134cbd265057ec601bb269036b76b8a5bc2e86ed1a720959df35b4397d8677eab09d9e59d9891ec6f5438cb13a8776bd378f731ba
- SSDEEP
  
  3072:4/u4HPElLA8tyHCIQVsM+VUq/l0BgVB9JktJha3xd:iugEtyH/Qr+Uq/VBJkfhY
Score

10^/10

metasploit backdoor discovery trojan upx evasion persistence
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Modifies firewall policy service
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoverytrojanupx

behavioral2

metasploitbackdoordiscoveryevasionpersistencetrojanupx

© 2018-2025

Terms | Privacy