metasploit | c55ad3b4d5d5791710bd6c7f311ab03673f372c69b7fc623fc0976d7d2740fd4 | Triage

Sharing

General

Target

f6edfd7d41a37424ed76f18369251e52_JaffaCakes118
Size

145KB
Sample

241216-c6pqys1qek
MD5

f6edfd7d41a37424ed76f18369251e52
SHA1

8b76be608cc04b9c5d3cc96647c5147c8e3db220
SHA256

c55ad3b4d5d5791710bd6c7f311ab03673f372c69b7fc623fc0976d7d2740fd4
SHA512

ed3e8a0fcf4b7018e369fec57a357877e67938bbf0cf62d30e931262f6d964f9f3137f2ccc093f41a6a52976c90f640c9b626a814022fedab8e83477887b3918
SSDEEP

3072:JKor0NTdzvhsC2WIQ80FmnT20KHPy06oGZbSfxwQdeWkDJv4BAkpQsyIQnjQcCzf:nQNNvh980FmT2jK0YZbixwQdeWktAOkP

Score

10^/10

metasploit backdoor discovery evasion persistence privilege_escalation trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  f6edfd7d41a37424ed76f18369251e52_JaffaCakes118
- Size
  
  145KB
- MD5
  
  f6edfd7d41a37424ed76f18369251e52
- SHA1
  
  8b76be608cc04b9c5d3cc96647c5147c8e3db220
- SHA256
  
  c55ad3b4d5d5791710bd6c7f311ab03673f372c69b7fc623fc0976d7d2740fd4
- SHA512
  
  ed3e8a0fcf4b7018e369fec57a357877e67938bbf0cf62d30e931262f6d964f9f3137f2ccc093f41a6a52976c90f640c9b626a814022fedab8e83477887b3918
- SSDEEP
  
  3072:JKor0NTdzvhsC2WIQ80FmnT20KHPy06oGZbSfxwQdeWkDJv4BAkpQsyIQnjQcCzf:nQNNvh980FmT2jK0YZbixwQdeWktAOkP
Score

10^/10

metasploit backdoor discovery evasion persistence privilege_escalation trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Modifies firewall policy service
  evasion
- Windows security bypass
  evasion trojan
- Modifies Windows Firewall
  evasion
- Deletes itself
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoveryevasionpersistenceprivilege_escalationtrojan

behavioral2

metasploitbackdoordiscoveryevasionpersistenceprivilege_escalationtrojan