metasploit | e38be671774485a922d8bfbdf618730b2250e1c0308206f20d2c9a791542ab00 | Triage

Sharing

General

Target

JaffaCakes118_e38be671774485a922d8bfbdf618730b2250e1c0308206f20d2c9a791542ab00
Size

109KB
Sample

241230-3mckdstqen
MD5

6d72402b8fab13d0a958e226d0c35eaa
SHA1

d10f303dcd39c37ae2f420068019fa7e58f551f4
SHA256

e38be671774485a922d8bfbdf618730b2250e1c0308206f20d2c9a791542ab00
SHA512

be7ecdc9accb603f3746c7a14ac67d5d22388cffdd764b297d095226fc8cbb09939f45857f9c2f57645038d2f3aab68e03e2efdc0c851209d6e6bbe90b6d82f0
SSDEEP

3072:qA1GWClL4+HS3MCm1iApnYwwS+pHOMbbA8/:/1eL4x3LmNpYwwS+pHOqMY

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://1.13.5.159:443/static-directory/dz.mp3

Targets

- Target
  
  Ա취()/python38.dll
- Size
  
  111KB
- MD5
  
  df9f1665c7b75437790841a2b21d7aca
- SHA1
  
  4a8631594dd0d3e40e70901f6b56f7ab4a6dd704
- SHA256
  
  016f5c2ad31ce6d6ee68192a9937b832bb120fca7ffac71c8fc34b4c5e049f10
- SHA512
  
  0e02d9af1a588de7691e7330fc16fbb51a5f9034aa7138c1e39942dbed1e21f352fde9ca31df5c5304ac79df11c49565298fdd24120e13c4bde62f0322404ad9
- SSDEEP
  
  3072:RFoFeSgfuvuKg0rLIGqhjO8kWh9YWUUQqokd1vP8zsMDX:YgfnyIGq9BLYvUQOMDX
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  Ա취()/Ա취().exe
- Size
  
  95KB
- MD5
  
  3b35d89b10e561e05006e0a101154348
- SHA1
  
  e2e3cfdc72eb1fe6856d84a571beacb16092a050
- SHA256
  
  123328fe9a690ad5854c9e6d37ffbb38cd35af0e39c9b35e8567e914cdab266f
- SHA512
  
  4b74f7d754131d66ed694eb7a96a6acd283d638ea6593df38142348ea0e22d6929882857bf9cf43f6c64f6147e9268705b685528e6c6676a079ba8402a04a50d
- SSDEEP
  
  1536:pVw2chPKbuEYE+9z2wp+FavGmhMn+IhzZtzQ/FXRCyoM:PAhPKbuAs0FNmhMn+IhNS/FXRuM
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoverytrojan

behavioral2

metasploitbackdoordiscoverytrojan

behavioral3

metasploitbackdoordiscoverytrojan

behavioral4

metasploitbackdoordiscoverytrojan