metasploit | 096f2351e53ac2aafd0b8bc9059e794e3150909eed1fd4d08f6e3f238cf042d3 | Triage

Sharing

General

Target

JaffaCakes118_096f2351e53ac2aafd0b8bc9059e794e3150909eed1fd4d08f6e3f238cf042d3
Size

54KB
Sample

241229-g9qvmsvphz
MD5

dd60f7322c54eae0e5b28d9ca79750f9
SHA1

977384473210b19cfb4f7190228f793f2ff0b4e4
SHA256

096f2351e53ac2aafd0b8bc9059e794e3150909eed1fd4d08f6e3f238cf042d3
SHA512

8f7cc5c1c5e332a06739bd225ef655fd8fcbe5d80e03aa43fc3665ddf7128b93673b1d0726ea93b2f25460c86727ee22b67312115073098b5d9aca5d98fd0f97
SSDEEP

1536:9yqKTcFAZVFHcgn97htnPAGDSbvjTmlSaq0t3SfU3l7TBqalc:93KTpZrxvP5evjT05q0t314Yc

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://www.microport.com.cn:80/npE9

Attributes

headers User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; MAARJS) Host: ydzf.10086.cn

Targets

- Target
  
  529628adb7ac898054e8276740e43941db3d4db065e1ee17f38b236daeace708.dll
- Size
  
  80KB
- MD5
  
  f3b5443f08ddc69d78680977a806f315
- SHA1
  
  798e3ed264474ecf67719d3277667083585f78a8
- SHA256
  
  529628adb7ac898054e8276740e43941db3d4db065e1ee17f38b236daeace708
- SHA512
  
  5790713c65862acaf6311c90dadfe399ab385767b8f1e4ea938f5fd4a692577e40700f03c374adde74882c92b8ed41e4e12b7c58e183f09ee6636b2a285091d7
- SSDEEP
  
  1536:NkKIDKrg3J7Nnufg+g5wsLtQmlSaq0t3SfU3l7TBW/:NkKaRyg+g5wsLtQ05q0t31I
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  exec.bat
- Size
  
  122B
- MD5
  
  bd39a2049859e5cf3890876b30ab85c8
- SHA1
  
  79d2ee0b07cc3fada05abec3cf08df48316437cd
- SHA256
  
  26063e345e4f1f6a9ddfb0993cbe7e983febbf6222026a61a3b57175875a3f16
- SHA512
  
  0db87abd20c055a3df1244ebcbf592194196dc7bd0d5a874df7775ee8c874dd3985f879a31f24c67991f470f81bb74f91830f8e31b8302dca8bb29d5b3fcfa91
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Blocklisted process makes network request
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

metasploitbackdoordiscoverytrojan

behavioral4

metasploitbackdoordiscoverytrojan