metasploit | 3574fd49d0ac8209f233a79dd47045d3e620dffb2317c02fa51be736b25c7f2d | Triage

Sharing

General

Target

e2f0f7a08657106ea63eefd7af3a8e66_JaffaCakes118
Size

5.9MB
Sample

241211-ygc7hszrgl
MD5

e2f0f7a08657106ea63eefd7af3a8e66
SHA1

db468caa90a04d124ea093d8123228f9e987a759
SHA256

3574fd49d0ac8209f233a79dd47045d3e620dffb2317c02fa51be736b25c7f2d
SHA512

2fe06fae338223642acd9e62cfe1592a0390343187cacc7ae69881684ed57ef134fca27441a3421e0e9c5e4796691fb6e686dd123a1b62d4462acc892128e47a
SSDEEP

768:E0OTUQP3nNzcxYBSlWXYtmVY0sxYp3hXP:E0OAc3FcxBsdVdsyBhXP

Score

10^/10

metasploit backdoor defense_evasion discovery persistence trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  e2f0f7a08657106ea63eefd7af3a8e66_JaffaCakes118
- Size
  
  5.9MB
- MD5
  
  e2f0f7a08657106ea63eefd7af3a8e66
- SHA1
  
  db468caa90a04d124ea093d8123228f9e987a759
- SHA256
  
  3574fd49d0ac8209f233a79dd47045d3e620dffb2317c02fa51be736b25c7f2d
- SHA512
  
  2fe06fae338223642acd9e62cfe1592a0390343187cacc7ae69881684ed57ef134fca27441a3421e0e9c5e4796691fb6e686dd123a1b62d4462acc892128e47a
- SSDEEP
  
  768:E0OTUQP3nNzcxYBSlWXYtmVY0sxYp3hXP:E0OAc3FcxBsdVdsyBhXP
Score

10^/10

metasploit backdoor defense_evasion discovery persistence trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Impair Defenses: Safe Mode Boot
  defense_evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Safe Mode Boot

Indicator Removal

File Deletion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordefense_evasiondiscoverypersistencetrojan

behavioral2

metasploitbackdoordefense_evasiondiscoverypersistencetrojan