metasploit | dad1a4bc2ec24bf8b689974ae5a7128d85482d970162a70ea40ea0e80fbfa8ee | Triage

Sharing

General

Target

JaffaCakes118_dad1a4bc2ec24bf8b689974ae5a7128d85482d970162a70ea40ea0e80fbfa8ee
Size

1.3MB
Sample

241223-tnfh1avjbn
MD5

3bc6630c2e86a62ed67109e96b0b5756
SHA1

c591495a21f7f652625b04ef9fd53e69e5e9acae
SHA256

dad1a4bc2ec24bf8b689974ae5a7128d85482d970162a70ea40ea0e80fbfa8ee
SHA512

7bb2030b07ad99a09bbf6a703c632d366db55c52c7c3ea17d3942481f9eb8e84d78f9ed095672ea0016bff797fa74ea937368733cf8c72ee24fb54f1190b4546
SSDEEP

24576:LrZQZfoj7zXLEELcsd12E97YT5wd/NvLPXHkiZS2WdkT7JwutUqptNI+ZgHL:hMgLQ41xMadhLfHtS2EkT7eutUoI0i

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Targets

- Target
  
  krpt.dll
- Size
  
  1.3MB
- MD5
  
  8acdc3de7aee7d7d7242d42e7e5254be
- SHA1
  
  d0be878a474170584ba3cfdfd19b22baa81f19df
- SHA256
  
  53acfefcda2e6e3f31786a2e2c7fa5bcb83380e284d919f03bfc6d31a6b3b76f
- SHA512
  
  13f541bda8961d649ec3ec1351413281fe2e340f17bce09a3c7b09a411f0b27fa7d0e5693399032ca725ef598c84096bfcc5d0f5775121fab7b89f323c0c1db0
- SSDEEP
  
  24576:FrqYkIXkv6WMVqgF7687IMFAO1KlyOQpppppppppppppppppppppp4KVmsdzaA+5:F+YB86Wr/2ImAJy
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  wps.exe
- Size
  
  1.0MB
- MD5
  
  8258fb211075d889b4e3e15458b2a9c5
- SHA1
  
  6620a898c2899b346ee6a524b09c306775e44706
- SHA256
  
  b814a4c506ce2dd3920990ecfcb106b7650529be39fe7513373073c5274e62b3
- SHA512
  
  603cef3ad12ccf092b4cf49315da79f1893775d188c6c7d0015932f9e0ad9030d7871475b7dd202dad0a2198ecde654b73dd819175d2a61c8a64bf32de7693f2
- SSDEEP
  
  24576:P7QXeEKjLIRwIp8wciIJZou3aF8Sj+1vDXjU/5:jQuEoIG28wcmF8Sj+B/K5
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoverytrojan

behavioral2

metasploitbackdoordiscoverytrojan

behavioral3

metasploitbackdoordiscoverytrojan

behavioral4

metasploitbackdoordiscoverytrojan