metasploit | a7059cb8f3d01a221e2198bf388aa05804075e893321c903e262480b287553f5 | Triage

Sharing

General

Target

JaffaCakes118_c5d7faf909188924a4c318aedb9923a5
Size

215KB
Sample

250208-wplgraypdm
MD5

c5d7faf909188924a4c318aedb9923a5
SHA1

d16d425769e1c2f8db904a0427d423ad9d7f7d25
SHA256

a7059cb8f3d01a221e2198bf388aa05804075e893321c903e262480b287553f5
SHA512

fb7f8528e230463ae11ea86e875a43edfc2289090bc1a645a28fe96c2b75414129367f46d30b4de04cd12fa6ce5aa4e350cc74eee7a8dfe68cfadfbe74fa37d2
SSDEEP

6144:hlqtXlhQ8ZK0lAswvP6bQ7yMP+DE827YYscf:hlogQKXd6b7MP+Dd2UYZf

Score

10^/10

metasploit backdoor bootkit defense_evasion discovery persistence trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Targets

- Target
  
  JaffaCakes118_c5d7faf909188924a4c318aedb9923a5
- Size
  
  215KB
- MD5
  
  c5d7faf909188924a4c318aedb9923a5
- SHA1
  
  d16d425769e1c2f8db904a0427d423ad9d7f7d25
- SHA256
  
  a7059cb8f3d01a221e2198bf388aa05804075e893321c903e262480b287553f5
- SHA512
  
  fb7f8528e230463ae11ea86e875a43edfc2289090bc1a645a28fe96c2b75414129367f46d30b4de04cd12fa6ce5aa4e350cc74eee7a8dfe68cfadfbe74fa37d2
- SSDEEP
  
  6144:hlqtXlhQ8ZK0lAswvP6bQ7yMP+DE827YYscf:hlogQKXd6b7MP+Dd2UYZf
Score

10^/10

metasploit backdoor bootkit defense_evasion discovery persistence trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Modifies security service
  defense_evasion
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Pre-OS Boot

Bootkit

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoorbootkitdefense_evasiondiscoverypersistencetrojan

behavioral2

metasploitbackdoordefense_evasiondiscoverytrojan