metasploit | 29f4ef54e2746028dd68a286578cf472be04f425cd07f8d754306076296d0e20 | Triage

Sharing

General

Target

JaffaCakes118_4b2eec1fcb130c66354c3c764fb36e2a
Size

102KB
Sample

250101-hm1a8sxpgx
MD5

4b2eec1fcb130c66354c3c764fb36e2a
SHA1

7252d7f16e29012d2aa7ff29215eff2ad39236b4
SHA256

29f4ef54e2746028dd68a286578cf472be04f425cd07f8d754306076296d0e20
SHA512

5773c555c8a7855fdfb582dc628a226c0846c003460ca89f24e2937041ef93a996a3989848af813012f61187d107e6301e832fe5af011e511429f2ec0b860348
SSDEEP

3072:GN2Cs1FNvl3ogl5KfHxFxACVSEoCGRqHrczSZ:GoR1ogHiRFxpVzoCGRqHrczS

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

217.182.208.93:4770

Targets

- Target
  
  JaffaCakes118_4b2eec1fcb130c66354c3c764fb36e2a
- Size
  
  102KB
- MD5
  
  4b2eec1fcb130c66354c3c764fb36e2a
- SHA1
  
  7252d7f16e29012d2aa7ff29215eff2ad39236b4
- SHA256
  
  29f4ef54e2746028dd68a286578cf472be04f425cd07f8d754306076296d0e20
- SHA512
  
  5773c555c8a7855fdfb582dc628a226c0846c003460ca89f24e2937041ef93a996a3989848af813012f61187d107e6301e832fe5af011e511429f2ec0b860348
- SSDEEP
  
  3072:GN2Cs1FNvl3ogl5KfHxFxACVSEoCGRqHrczSZ:GoR1ogHiRFxpVzoCGRqHrczS
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoverytrojan

behavioral2

metasploitbackdoordiscoverytrojan