metasploit | 2b788522372429cdf4038d8eac66c8384a213f022e877369263156e67372e2f5 | Triage

Sharing

General

Target

JaffaCakes118_2b788522372429cdf4038d8eac66c8384a213f022e877369263156e67372e2f5
Size

350KB
Sample

241224-qp8z6aykgv
MD5

0966178a1c9e5c358ec380655f8b6375
SHA1

1efc70ac160356d99a4994015428a815b4515745
SHA256

2b788522372429cdf4038d8eac66c8384a213f022e877369263156e67372e2f5
SHA512

5535494f26f4d5758aa1e8d478a7755a114c4b5f4105a2332dccdf8f0b1f4fe15d130098c78250c5daa1cf1a8e0421d160850ada9367a9fd69532c1ded624ad9
SSDEEP

6144:CKccGcDnnd44W3mnfw3URaVvlt0z1UU9DqcUAJRR8rCcpoyGb9kM2E7sf:46nz9nRRIvX0CcD5bJr8hyyGL1sf

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

185.63.90.137:4445

Targets

- Target
  
  601227d52c6e367e11b80240183d07d38bc11a88e844e8401fce17eb25e92ba8
- Size
  
  1.5MB
- MD5
  
  85acfee86fd742ac5b6e347cd860324b
- SHA1
  
  91677465635ff139d8b98ce5a517b7135301104f
- SHA256
  
  601227d52c6e367e11b80240183d07d38bc11a88e844e8401fce17eb25e92ba8
- SHA512
  
  38b105b802707cb28585727ac82146b79fef22451efa81eb88097dbb7ed7c87f4f584fb04f57aeb9e3c75681a26ae4b4f22ebf100db83dcdea22d70ed24295dd
- SSDEEP
  
  24576:I4nXubIQGyxbPV0db26bVSSR0o6y2odSSR0o6y2B:Iqe3f6NSSR0o6y2SSSR0o6y2
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoverytrojan

behavioral2

metasploitbackdoordiscoverytrojan