metasploit | 0f9561ff51a6610732e2f62686d02c1cfa1e88ef00e0d7b9941002504fb0fa76 | Triage

Sharing

General

Target

JaffaCakes118_95c163f785a9f6ce23cdcf7b0f2ffb9b
Size

148KB
Sample

250329-yha4jsvygw
MD5

95c163f785a9f6ce23cdcf7b0f2ffb9b
SHA1

a1be35b9c1b0172760e9363633e7c2a45b45f746
SHA256

0f9561ff51a6610732e2f62686d02c1cfa1e88ef00e0d7b9941002504fb0fa76
SHA512

f5f672a602d8c004f49f1fce3857e05601aa468613cceffded1beb0ee720698a0bc2191de747a6cbdca87320f63aed5cdd6c3da7bff63cc00b070913856dbbac
SSDEEP

3072:cbbUZWpNLDXduvcBj/yLJljbyoT5mlarMqkhxZproxSNBD:l0pJDXgv6glKarMrhxZprmS

Score

10^/10

metasploit backdoor defense_evasion discovery persistence trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  JaffaCakes118_95c163f785a9f6ce23cdcf7b0f2ffb9b
- Size
  
  148KB
- MD5
  
  95c163f785a9f6ce23cdcf7b0f2ffb9b
- SHA1
  
  a1be35b9c1b0172760e9363633e7c2a45b45f746
- SHA256
  
  0f9561ff51a6610732e2f62686d02c1cfa1e88ef00e0d7b9941002504fb0fa76
- SHA512
  
  f5f672a602d8c004f49f1fce3857e05601aa468613cceffded1beb0ee720698a0bc2191de747a6cbdca87320f63aed5cdd6c3da7bff63cc00b070913856dbbac
- SSDEEP
  
  3072:cbbUZWpNLDXduvcBj/yLJljbyoT5mlarMqkhxZproxSNBD:l0pJDXgv6glKarMrhxZprmS
Score

10^/10

metasploit backdoor defense_evasion discovery persistence trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Adds policy Run key to start application
  persistence
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  defense_evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordefense_evasiondiscoverypersistencetrojan

behavioral2

metasploitbackdoordefense_evasiondiscoverypersistencetrojan