metasploit | 9eba99e98def9e784c04c8d8c412deb1f7128c2ddad21b3e0efe0275cb5ccd57 | Triage

Sharing

General

Target

JaffaCakes118_9eba99e98def9e784c04c8d8c412deb1f7128c2ddad21b3e0efe0275cb5ccd57
Size

1008KB
Sample

241222-cdme5aypbj
MD5

6558ab29f4887b7dd1a5414398f2331e
SHA1

e83c6324474f1b8404e36ea94a88d8525d27244b
SHA256

9eba99e98def9e784c04c8d8c412deb1f7128c2ddad21b3e0efe0275cb5ccd57
SHA512

cdbe9460243e39d6cad038ccffa24b6bca3e149be407ba6add87c4253568b31aafb6f92b16d3dbddc709afc6059200ebf8d1d9d06ae3eb75970f73b06e95636e
SSDEEP

24576:E59TslK2o6tIaIhoPV/9lwMG7gFruzEaQNRPbwr55N9m:O9Y9o6t6KPx9+rCruQRTP0rPN9m

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://110.157.231.33:80/css/_utf.gif?id=18721

Attributes

headers Host: picc.com.cn Cookie: QiHooGUID=C9FA6432AF75.1573373412127; User-Agent: Mozilla/5.0 (Linux; Android 4.1.1; Nexus 7 Build/JRO03D) AppleWebKit/535.19 (KHTML, like Gecko)

Targets

- Target
  
  连力晋-中央财经大学-金融科技-2022.6-5天-2021.5.4/list1.jpg.exe
- Size
  
  1.5MB
- MD5
  
  8f1fbc7a48cde68378a6dc4064cbce7f
- SHA1
  
  95a1ae099595ce68542984d6ef6c1ed031f8b931
- SHA256
  
  553e460f0ae4e43668dd8d717ab40b0a1ba1941bb0c7918795ea12f861556ce1
- SHA512
  
  e4b837769e886c2fa95816353a49b5bf17ead78f44ad4040d2d6c9bcdfc44c2b0e44f01bfd45d3e3231375f4fed7ddfd6e6bd9d6e009066e82b13caf281bdcee
- SSDEEP
  
  24576:vUZrR/uqE3N85ctjcKGSg3GbNtQyQUnBBTn:v7qkdcKGSg4h1BT
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  连力晋-中央财经大学-金融科技-2022.6-5天-2021.5.4/list2.jpg.dll
- Size
  
  176KB
- MD5
  
  081bd2c1ce9df69f5b6c6abacb75f403
- SHA1
  
  f1ae82059e950ae39f697fcffc20b2795d4ec991
- SHA256
  
  8b1d19a05dc2f30b8f876b2abf3651bae6f61cc425fbd6be2c5e0662981bf79e
- SHA512
  
  339be9bf9b0510d0011233a02d40623b3aa652c447306df5645ac1c43f57cfa28afa5883ce9b9606a7d8bd524cc7df76fed346563b873298eca80c4fb9f3075c
- SSDEEP
  
  3072:UeGfFChEXD/7J/pwiC9JJJoyPf/UREvu2HLJzodzCFZ/xAg0FujKSSaGwq2Ox:U/COz/t/Ki8bDnURAu2HacfAOfBq2Ox
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Blocklisted process makes network request
behavioral3 behavioral4
- Target
  
  连力晋-中央财经大学-金融科技-2022.6-5天-2021.5.4/连力晋-中央财经大学-金融科技-2022.6-5天-2021.5.4.exe
- Size
  
  2.5MB
- MD5
  
  3a4f494e7e0bc953290f06bb57832b98
- SHA1
  
  f6eefab58585343b5a7b33e402a7447acd35adf1
- SHA256
  
  f9394fcc7d180e40fd1017757365b5491b3c93aae6204bf50e9828dcbe97f54d
- SHA512
  
  d6036a1879159e38c594baa33e27e4a014b9ae86846359737f1423a9beb5fe5dfba26d9cb6e50bfb04722c6c26ec3c4f89320608f94db712d0c55369d1cf175c
- SSDEEP
  
  24576:R3dadNasA928VeQTCh+y6Moc2E9Q2xza3WiLQzMT3b75m:navg2uBTCh+y6MorE9QeZiUSb75m
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

metasploitbackdoordiscoverytrojan

behavioral4

metasploitbackdoordiscoverytrojan

behavioral5

behavioral6