metasploit | 5a4181ad51b08e58df1353614fffd6898f1c45f2350b679dbf73f18a38fa3204 | Triage

Submit
Reports

Overview

overview

Static

static

1

JaffaCakes...04.rtf

windows7-x64

JaffaCakes...04.rtf

windows10-2004-x64

4

Sharing

General

Target

JaffaCakes118_5a4181ad51b08e58df1353614fffd6898f1c45f2350b679dbf73f18a38fa3204
Size

161KB
Sample

241221-25k4tatlhp
MD5

21d18d229d6774e235ead04adf578217
SHA1

7c48f714185a73eb6f5f791bb5573e0bea4d13ad
SHA256

5a4181ad51b08e58df1353614fffd6898f1c45f2350b679dbf73f18a38fa3204
SHA512

eb44a7cab05f6c34ace776e29006d5556a6a125155c8be28386933a413fe56129dc5b34a82f60f4e291ee43f03cb15b43b5b6307eb1a11a8b8e2fea8a977da02
SSDEEP

3072:CiNT+ngtCA9t66AM7+Hz1aHWQABS/rvQ9Z:CiNqngcR657+Hz1eWQAkjvQL

Score

10^/10

metasploit backdoor defense_evasion discovery trojan

Static task

static1

Behavioral task

behavioral1

Sample

JaffaCakes118_5a4181ad51b08e58df1353614fffd6898f1c45f2350b679dbf73f18a38fa3204.rtf

Resource

win7-20240729-en

metasploit backdoor discovery trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_5a4181ad51b08e58df1353614fffd6898f1c45f2350b679dbf73f18a38fa3204.rtf

Resource

win10v2004-20241007-en

defense_evasion

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

3.17.7.232:17405

Targets

- Target
  
  JaffaCakes118_5a4181ad51b08e58df1353614fffd6898f1c45f2350b679dbf73f18a38fa3204
- Size
  
  161KB
- MD5
  
  21d18d229d6774e235ead04adf578217
- SHA1
  
  7c48f714185a73eb6f5f791bb5573e0bea4d13ad
- SHA256
  
  5a4181ad51b08e58df1353614fffd6898f1c45f2350b679dbf73f18a38fa3204
- SHA512
  
  eb44a7cab05f6c34ace776e29006d5556a6a125155c8be28386933a413fe56129dc5b34a82f60f4e291ee43f03cb15b43b5b6307eb1a11a8b8e2fea8a977da02
- SSDEEP
  
  3072:CiNT+ngtCA9t66AM7+Hz1aHWQABS/rvQ9Z:CiNqngcR657+Hz1eWQAkjvQL
Score

10^/10

metasploit backdoor discovery trojan defense_evasion
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoverytrojan

behavioral2

defense_evasion

© 2018-2024

Terms | Privacy