metasploit | 0eba4a332cb162f33e0368f1fac0f01a2cd72873055a7485413f536a44aa0218 | Triage

Sharing

General

Target

dc8977a16719dab70a36d4bd0f1a7ea2_JaffaCakes118
Size

158KB
Sample

241210-cmk9esvnaq
MD5

dc8977a16719dab70a36d4bd0f1a7ea2
SHA1

2677b74ee837fb78a794d8cae7fa41c6ca1bbf14
SHA256

0eba4a332cb162f33e0368f1fac0f01a2cd72873055a7485413f536a44aa0218
SHA512

70c95a1bd048b1b397d580505e08f2d3d934b09f4bab0372ff060fe26c6111a391676ebd59befb44309043c76df3ec6af84a64bf7fd31a3642b7e4ad43040a10
SSDEEP

3072:zv5lmIoUsJiRvjAZrrF7EJXBPCisvrbviOkAgJQj:zxnoULRvEVlEvAvP1KQ

Score

10^/10

metasploit backdoor discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  dc8977a16719dab70a36d4bd0f1a7ea2_JaffaCakes118
- Size
  
  158KB
- MD5
  
  dc8977a16719dab70a36d4bd0f1a7ea2
- SHA1
  
  2677b74ee837fb78a794d8cae7fa41c6ca1bbf14
- SHA256
  
  0eba4a332cb162f33e0368f1fac0f01a2cd72873055a7485413f536a44aa0218
- SHA512
  
  70c95a1bd048b1b397d580505e08f2d3d934b09f4bab0372ff060fe26c6111a391676ebd59befb44309043c76df3ec6af84a64bf7fd31a3642b7e4ad43040a10
- SSDEEP
  
  3072:zv5lmIoUsJiRvjAZrrF7EJXBPCisvrbviOkAgJQj:zxnoULRvEVlEvAvP1KQ
Score

10^/10

metasploit backdoor discovery evasion persistence privilege_escalation trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Modifies firewall policy service
  evasion
- Windows security bypass
  evasion trojan
- Modifies Windows Firewall
  evasion
- Deletes itself
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

metasploitbackdoordiscoveryevasionpersistenceprivilege_escalationtrojan