metasploit | ce8a54928eab54e4cdc3ea7c765cd433ec6ed284eb159e7f344b2f27658b1f2e | Triage

Sharing

General

Target

dcc3ca07a3b261e9909cc58f0fb686ba_JaffaCakes118
Size

392KB
Sample

241210-dtaa6sxjej
MD5

dcc3ca07a3b261e9909cc58f0fb686ba
SHA1

280d32259d2ce449fb7640529dc04230353f85c6
SHA256

ce8a54928eab54e4cdc3ea7c765cd433ec6ed284eb159e7f344b2f27658b1f2e
SHA512

6c6ea87186cffb7bd9a13791a3d45564df727db14b83ae7eedf47e6036c4e7f6b4c09200ea76cefa9f895342243436bac008820c7365c892aa0e1cdc189e5b69
SSDEEP

12288:6vnFEDFqkRopm7SbPENR7wCRqzbm4tj8G:EED0kRogG7kfMzqqjd

Score

10^/10

metasploit backdoor defense_evasion discovery evasion trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Targets

- Target
  
  dcc3ca07a3b261e9909cc58f0fb686ba_JaffaCakes118
- Size
  
  392KB
- MD5
  
  dcc3ca07a3b261e9909cc58f0fb686ba
- SHA1
  
  280d32259d2ce449fb7640529dc04230353f85c6
- SHA256
  
  ce8a54928eab54e4cdc3ea7c765cd433ec6ed284eb159e7f344b2f27658b1f2e
- SHA512
  
  6c6ea87186cffb7bd9a13791a3d45564df727db14b83ae7eedf47e6036c4e7f6b4c09200ea76cefa9f895342243436bac008820c7365c892aa0e1cdc189e5b69
- SSDEEP
  
  12288:6vnFEDFqkRopm7SbPENR7wCRqzbm4tj8G:EED0kRogG7kfMzqqjd
Score

10^/10

metasploit backdoor defense_evasion discovery evasion trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Deletes itself
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordefense_evasiondiscoveryevasiontrojan

behavioral2

discoveryevasion