metasploit | a4135183ab6542751a8b8f9e527ea68c1e41bce08f85506025dae1c329e786ad | Triage

Sharing

General

Target

JaffaCakes118_a4135183ab6542751a8b8f9e527ea68c1e41bce08f85506025dae1c329e786ad
Size

156KB
Sample

241230-fq745syqbn
MD5

b1ff5a52f6e3c537ef1f89bcc2919843
SHA1

fb2fc853a6ebbcfe48c9f1934e64b51416d408c1
SHA256

a4135183ab6542751a8b8f9e527ea68c1e41bce08f85506025dae1c329e786ad
SHA512

071ff588a52de4937ea6e10557c534fd0eb4a7d7eb952677c7d81784bbd57cbca29bb308c4042296637cd51d542d2267a6f95af890e35874512920481b10492e
SSDEEP

1536:Ek7K+T5fUWtIU4Dpgm+9/FSL0r/DAln9XMb+KR0Nc8QsJq3UDj0D:v7K+TJUwIjp1iS8Aln9Xe0Nc8QsC

Score

10^/10

metasploit backdoor discovery persistence privilege_escalation trojan

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

52.14.18.129:16935

Targets

- Target
  
  JaffaCakes118_a4135183ab6542751a8b8f9e527ea68c1e41bce08f85506025dae1c329e786ad
- Size
  
  156KB
- MD5
  
  b1ff5a52f6e3c537ef1f89bcc2919843
- SHA1
  
  fb2fc853a6ebbcfe48c9f1934e64b51416d408c1
- SHA256
  
  a4135183ab6542751a8b8f9e527ea68c1e41bce08f85506025dae1c329e786ad
- SHA512
  
  071ff588a52de4937ea6e10557c534fd0eb4a7d7eb952677c7d81784bbd57cbca29bb308c4042296637cd51d542d2267a6f95af890e35874512920481b10492e
- SSDEEP
  
  1536:Ek7K+T5fUWtIU4Dpgm+9/FSL0r/DAln9XMb+KR0Nc8QsJq3UDj0D:v7K+TJUwIjp1iS8Aln9Xe0Nc8QsC
Score

10^/10

metasploit backdoor discovery persistence privilege_escalation trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Installer Packages

Privilege Escalation

Event Triggered Execution

Installer Packages

Defense Evasion

System Binary Proxy Execution

Msiexec

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoverypersistenceprivilege_escalationtrojan

behavioral2

metasploitbackdoordiscoverypersistenceprivilege_escalationtrojan