metasploit | 553dbf65f6048f3a28ef6e4c9afd9a21de96663919df11aeeb860a3fec0a73e5 | Triage

Sharing

General

Target

JaffaCakes118_0107b66daa6a5701c8106fa64a64a0b6
Size

220KB
Sample

250121-bb5cgsyjet
MD5

0107b66daa6a5701c8106fa64a64a0b6
SHA1

840baf4942159321585d04d746f9fead4145f408
SHA256

553dbf65f6048f3a28ef6e4c9afd9a21de96663919df11aeeb860a3fec0a73e5
SHA512

744028c58d259321332ef2a2728912f1046e823d93bc9ba106181657daa302f4bceea99a1148026ae9c7ad1880a3b6863268b3a38f70d8a417ecce6c04d77bf5
SSDEEP

3072:j+TWb4ml9VkHpq2zRsvhac4fSZl9lETSZZUF8sqQcD+m5HG55LD0Kuh7f:yY6Psh5vlEmqPqLDZm55Ez

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

122.168.206.28:4957

Targets

- Target
  
  JaffaCakes118_0107b66daa6a5701c8106fa64a64a0b6
- Size
  
  220KB
- MD5
  
  0107b66daa6a5701c8106fa64a64a0b6
- SHA1
  
  840baf4942159321585d04d746f9fead4145f408
- SHA256
  
  553dbf65f6048f3a28ef6e4c9afd9a21de96663919df11aeeb860a3fec0a73e5
- SHA512
  
  744028c58d259321332ef2a2728912f1046e823d93bc9ba106181657daa302f4bceea99a1148026ae9c7ad1880a3b6863268b3a38f70d8a417ecce6c04d77bf5
- SSDEEP
  
  3072:j+TWb4ml9VkHpq2zRsvhac4fSZl9lETSZZUF8sqQcD+m5HG55LD0Kuh7f:yY6Psh5vlEmqPqLDZm55Ez
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoverytrojan

behavioral2

metasploitbackdoordiscoverytrojan