metasploit | b95d9a9e10c64b454f9ace6ae0a039a57ff0e7921b3ac0b986ac4319dcaa522a | Triage

Sharing

General

Target

JaffaCakes118_b95d9a9e10c64b454f9ace6ae0a039a57ff0e7921b3ac0b986ac4319dcaa522a
Size

1.3MB
Sample

241224-29qj4azpdy
MD5

40baa29f34ad98e8da78c62cca32b05d
SHA1

f4ea5f94b1e8b6e9eeb0e69d1a71b8deb067b99e
SHA256

b95d9a9e10c64b454f9ace6ae0a039a57ff0e7921b3ac0b986ac4319dcaa522a
SHA512

546548d220dbeb96dbaae9b7adbc6ce2a547e2e8562e12d5ef5c71104d2688d572ceb7211f3516d18c3ddce105cf1e3a1463c9f74e5c33f4d11664683ea0c844
SSDEEP

24576:3+fj9XCRoLrxzDEa3kS4wZJc1eDKxvTGoJ8eidlqkzko8Z/EIoJLo0mt30m:3ylXdIAkN0Z2vzodlio8Snodt3R

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://110.157.231.33:80/css/_utf.gif?id=18721

Attributes

headers Host: picc.com.cn Cookie: QiHooGUID=C9FA6432AF75.1573373412127; User-Agent: Mozilla/5.0 (Linux; Android 4.1.1; Nexus 7 Build/JRO03D) AppleWebKit/535.19 (KHTML, like Gecko)

Targets

- Target
  
  2021Աְ/list1.jpg
- Size
  
  1.5MB
- MD5
  
  8f1fbc7a48cde68378a6dc4064cbce7f
- SHA1
  
  95a1ae099595ce68542984d6ef6c1ed031f8b931
- SHA256
  
  553e460f0ae4e43668dd8d717ab40b0a1ba1941bb0c7918795ea12f861556ce1
- SHA512
  
  e4b837769e886c2fa95816353a49b5bf17ead78f44ad4040d2d6c9bcdfc44c2b0e44f01bfd45d3e3231375f4fed7ddfd6e6bd9d6e009066e82b13caf281bdcee
- SSDEEP
  
  24576:vUZrR/uqE3N85ctjcKGSg3GbNtQyQUnBBTn:v7qkdcKGSg4h1BT
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  2021Աְ/list2.jpg
- Size
  
  176KB
- MD5
  
  081bd2c1ce9df69f5b6c6abacb75f403
- SHA1
  
  f1ae82059e950ae39f697fcffc20b2795d4ec991
- SHA256
  
  8b1d19a05dc2f30b8f876b2abf3651bae6f61cc425fbd6be2c5e0662981bf79e
- SHA512
  
  339be9bf9b0510d0011233a02d40623b3aa652c447306df5645ac1c43f57cfa28afa5883ce9b9606a7d8bd524cc7df76fed346563b873298eca80c4fb9f3075c
- SSDEEP
  
  3072:UeGfFChEXD/7J/pwiC9JJJoyPf/UREvu2HLJzodzCFZ/xAg0FujKSSaGwq2Ox:U/COz/t/Ki8bDnURAu2HacfAOfBq2Ox
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Blocklisted process makes network request
behavioral3 behavioral4
- Target
  
  2021Աְ/ְб.exe
- Size
  
  2.8MB
- MD5
  
  58c0358dff4bf8f2760ae7dcd5c8012e
- SHA1
  
  28a84efc59efa07e2d99d2cb8eb26f851864b296
- SHA256
  
  e9afde6620da93586c261d881c75f606bb6ada7937bd3ff17eb7bee0c414aa9b
- SHA512
  
  d3cc06badac46d28ff50e5be3df45a5118eec847f1582ef06cb565d351c7c1bbef66c2ad95e831fb7ffb320f8b0f0d63d474cc4ecbd4d41bced124af5bc00f1c
- SSDEEP
  
  24576:j3dadNasA928VeQTCh+y6Moc2E9Q2xza3WiLQzMT3b75m:Javg2uBTCh+y6MorE9QeZiUSb75m
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

metasploitbackdoordiscoverytrojan

behavioral4

metasploitbackdoordiscoverytrojan

behavioral5

behavioral6