metasploit | 60463c10a65048a11e37eb784b1b5f9dd9197d7bffe8cde8daa50cb56ef4d39e | Triage

Sharing

General

Target

JaffaCakes118_59f770974597fa27ef9e484feaca9cda
Size

132KB
Sample

250101-smbyrazkdy
MD5

59f770974597fa27ef9e484feaca9cda
SHA1

c402332adb19c3973a64214dc313feccd1c8671d
SHA256

60463c10a65048a11e37eb784b1b5f9dd9197d7bffe8cde8daa50cb56ef4d39e
SHA512

7f31239c49dab452ff288a284bb14e5b7158239a3344599ead533b8282c7408d976fd8fadb6729840859d514c955468e1134b92bdf09ba001d65297ae01341c4
SSDEEP

3072:42sMWkzbJh1qZ9QW69hd1MMdxPe9N9uA0hu9TBfcXcOuBXJ:hbJhs7QW69hd1MMdxPe9N9uA0hu9TBZR

Score

10^/10

metasploit backdoor discovery execution trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

18.189.106.45:13167

Targets

- Target
  
  JaffaCakes118_59f770974597fa27ef9e484feaca9cda
- Size
  
  132KB
- MD5
  
  59f770974597fa27ef9e484feaca9cda
- SHA1
  
  c402332adb19c3973a64214dc313feccd1c8671d
- SHA256
  
  60463c10a65048a11e37eb784b1b5f9dd9197d7bffe8cde8daa50cb56ef4d39e
- SHA512
  
  7f31239c49dab452ff288a284bb14e5b7158239a3344599ead533b8282c7408d976fd8fadb6729840859d514c955468e1134b92bdf09ba001d65297ae01341c4
- SSDEEP
  
  3072:42sMWkzbJh1qZ9QW69hd1MMdxPe9N9uA0hu9TBfcXcOuBXJ:hbJhs7QW69hd1MMdxPe9N9uA0hu9TBZR
Score

10^/10

metasploit backdoor discovery execution trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoveryexecutiontrojan

behavioral2

metasploitbackdoordiscoveryexecutiontrojan