metasploit | 2f01c83de89e09d19fec0a34610e1e4e08f97d1d63994971290a58f5843d6c3a | Triage

Sharing

General

Target

JaffaCakes118_8993c57cdf870273d2bbba40f93a3709
Size

608KB
Sample

250327-h3wyrayvbz
MD5

8993c57cdf870273d2bbba40f93a3709
SHA1

c161a3b871b97e094794d57b9f5fbef2235473dd
SHA256

2f01c83de89e09d19fec0a34610e1e4e08f97d1d63994971290a58f5843d6c3a
SHA512

cda4bdbe76dd561663d918cc87abfcb7d0071f7d8dbb448826369cfc0421aa5c946576f119a39b86c6c7a2c588ab41e8b3322fde73aa8558f21fde8f97c814c8
SSDEEP

12288:TiZGqXOv0AcArZ+zTf3qalh0CYdxIK4h5kfZh1UyknblgoqTSBE:TasebTOHIK4h5kR3Uh5qoE

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Targets

- Target
  
  JaffaCakes118_8993c57cdf870273d2bbba40f93a3709
- Size
  
  608KB
- MD5
  
  8993c57cdf870273d2bbba40f93a3709
- SHA1
  
  c161a3b871b97e094794d57b9f5fbef2235473dd
- SHA256
  
  2f01c83de89e09d19fec0a34610e1e4e08f97d1d63994971290a58f5843d6c3a
- SHA512
  
  cda4bdbe76dd561663d918cc87abfcb7d0071f7d8dbb448826369cfc0421aa5c946576f119a39b86c6c7a2c588ab41e8b3322fde73aa8558f21fde8f97c814c8
- SSDEEP
  
  12288:TiZGqXOv0AcArZ+zTf3qalh0CYdxIK4h5kfZh1UyknblgoqTSBE:TasebTOHIK4h5kR3Uh5qoE
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoverytrojan

behavioral2

metasploitbackdoordiscoverytrojan