metasploit | e04c2cb66a5a074f17ac0211fad1ea2ff2f37ea684c6818ef7e5d40c600b3c58 | Triage

Sharing

General

Target

ee523f0176978f2eb9ff29bb3215c9fd_JaffaCakes118
Size

685KB
Sample

241214-mjst7sypcv
MD5

ee523f0176978f2eb9ff29bb3215c9fd
SHA1

6345856c55e24dbc6d4cfef9708582925b71d784
SHA256

e04c2cb66a5a074f17ac0211fad1ea2ff2f37ea684c6818ef7e5d40c600b3c58
SHA512

ef0a0a70cbc4e7c60c69963413f9e00d54fabd730eb5f4182d7a070fbb537094d3b6c4970ef45afab755d517d68d30389d03c3b064def9c4cb2b0f6914157ca7
SSDEEP

12288:zOBItp7ioIt4mAlgdFDb4TzBnlDxKMIQvSGCpVdXsqd1I:zOBC+8IDb4TlnSMlSzpVdXsu

Score

10^/10

metasploit backdoor discovery evasion trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  ee523f0176978f2eb9ff29bb3215c9fd_JaffaCakes118
- Size
  
  685KB
- MD5
  
  ee523f0176978f2eb9ff29bb3215c9fd
- SHA1
  
  6345856c55e24dbc6d4cfef9708582925b71d784
- SHA256
  
  e04c2cb66a5a074f17ac0211fad1ea2ff2f37ea684c6818ef7e5d40c600b3c58
- SHA512
  
  ef0a0a70cbc4e7c60c69963413f9e00d54fabd730eb5f4182d7a070fbb537094d3b6c4970ef45afab755d517d68d30389d03c3b064def9c4cb2b0f6914157ca7
- SSDEEP
  
  12288:zOBItp7ioIt4mAlgdFDb4TzBnlDxKMIQvSGCpVdXsqd1I:zOBC+8IDb4TlnSMlSzpVdXsu
Score

10^/10

metasploit backdoor discovery evasion trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Drops file in Drivers directory
- Deletes itself
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoveryevasiontrojan

behavioral2

discoveryevasion