metasploit | ed7953e4573f862ce1ff418416e392670944a7d1f25ce25b2164c903470b6daf | Triage

Sharing

General

Target

JaffaCakes118_ed7953e4573f862ce1ff418416e392670944a7d1f25ce25b2164c903470b6daf
Size

7KB
Sample

241224-lgwyeatqak
MD5

2d279b1ff24694aedac0940f3e297a71
SHA1

983522f60204a435e0b05ee93608303c177a296d
SHA256

ed7953e4573f862ce1ff418416e392670944a7d1f25ce25b2164c903470b6daf
SHA512

3948feaefed27971edf6d8f725a867b6975f54e9f9e183dfa8f61482303a300cb7910a920cf98ee5e7b65ef4e302f6da4b39d9a9a69cfd2b9c71af0cd1e9cde3
SSDEEP

96:joRhn5eXGILYvLL8ervgBsM+PzzrDpoI1yF1dMFVBgDlBu3r77aC:UhnQlYvLL8e8GB9XN7BgHu37r

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

192.168.77.130:8080

Targets

- Target
  
  JaffaCakes118_ed7953e4573f862ce1ff418416e392670944a7d1f25ce25b2164c903470b6daf
- Size
  
  7KB
- MD5
  
  2d279b1ff24694aedac0940f3e297a71
- SHA1
  
  983522f60204a435e0b05ee93608303c177a296d
- SHA256
  
  ed7953e4573f862ce1ff418416e392670944a7d1f25ce25b2164c903470b6daf
- SHA512
  
  3948feaefed27971edf6d8f725a867b6975f54e9f9e183dfa8f61482303a300cb7910a920cf98ee5e7b65ef4e302f6da4b39d9a9a69cfd2b9c71af0cd1e9cde3
- SSDEEP
  
  96:joRhn5eXGILYvLL8ervgBsM+PzzrDpoI1yF1dMFVBgDlBu3r77aC:UhnQlYvLL8e8GB9XN7BgHu37r
Score

10^/10

metasploit backdoor trojan discovery
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoortrojan

behavioral2

metasploitbackdoordiscoverytrojan