metasploit | da5c5e3b9cbccb6467f171e3cd5241fa5a42ce54d9b874c2b510cd9a8ddf4ff8 | Triage

Sharing

General

Target

JaffaCakes118_da5c5e3b9cbccb6467f171e3cd5241fa5a42ce54d9b874c2b510cd9a8ddf4ff8
Size

932KB
Sample

241224-bcz46axlhk
MD5

3dae7a05120042b75fb4f20925a14489
SHA1

527e8b08d3c49c0c4d6fce4e1f4a55755fcb5c7d
SHA256

da5c5e3b9cbccb6467f171e3cd5241fa5a42ce54d9b874c2b510cd9a8ddf4ff8
SHA512

328bc5bcc861bf42cce9737b9921877b9476a40dabbe75bff55d928ccc2d3c02e4fb78e0eebd78f9155058aff870ce608724aac9e6fbd8cd5f35b0ec6b20b9d8
SSDEEP

24576:t/5xFNDwdEpg0Z6NWUzrjheEZjAowHKaEdx6KTH:5zFND8r0oNWUzrjhmEdxJH

Score

10^/10

metasploit backdoor discovery javascript pdf trojan

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

35.186.238.101:443

Targets

- Target
  
  JaffaCakes118_da5c5e3b9cbccb6467f171e3cd5241fa5a42ce54d9b874c2b510cd9a8ddf4ff8
- Size
  
  932KB
- MD5
  
  3dae7a05120042b75fb4f20925a14489
- SHA1
  
  527e8b08d3c49c0c4d6fce4e1f4a55755fcb5c7d
- SHA256
  
  da5c5e3b9cbccb6467f171e3cd5241fa5a42ce54d9b874c2b510cd9a8ddf4ff8
- SHA512
  
  328bc5bcc861bf42cce9737b9921877b9476a40dabbe75bff55d928ccc2d3c02e4fb78e0eebd78f9155058aff870ce608724aac9e6fbd8cd5f35b0ec6b20b9d8
- SSDEEP
  
  24576:t/5xFNDwdEpg0Z6NWUzrjheEZjAowHKaEdx6KTH:5zFND8r0oNWUzrjhmEdxJH
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  cs_sb.pdf
- Size
  
  72KB
- MD5
  
  46b94b29185816ba5b3512e26762b674
- SHA1
  
  e23e55f2a9d26fda658c5150cbe63a062a1617cf
- SHA256
  
  b7c860a8cd22c7a1a402edc7442356ab42bd27b57707d38f861feee2b193f28a
- SHA512
  
  98d6e1b2be706e53aa8af3171b0ce7cd838e722999c40ed4112a3c79c7d5f0eb327b593e0cc51e7d923029e05a9e4834d358aedb6dd12fdda10da099bc307f41
- SSDEEP
  
  1536:IzE1TAhQK/5jEvhEXHSlP4k0e/cDBMb+KR0Nc8QsJq39:2UACKlhXSX/cDBe0Nc8QsC9
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

pdfjavascriptmetasploit

behavioral1

metasploitbackdoordiscoverytrojan

behavioral2

behavioral3

metasploitbackdoordiscoverytrojan

behavioral4

metasploitbackdoordiscoverytrojan