metasploit | f3a0bf204c78b1f68110bf1762de11a31a61c3f465b8236372e0d2531f4551b7 | Triage

Sharing

General

Target

JaffaCakes118_98bbeee35fee491c860f775993c30c77
Size

264KB
Sample

250330-qpmrxs1rv4
MD5

98bbeee35fee491c860f775993c30c77
SHA1

5e7fb22325f7e97b7837acd6a6f530ee9e05530e
SHA256

f3a0bf204c78b1f68110bf1762de11a31a61c3f465b8236372e0d2531f4551b7
SHA512

27137296c1ba8cc6dba0aa1864c1083a2278c0c71f2ed4ef48e3eac0a5e722a1356501580e0f8a3b34eea2a8298803647c4e74ba457bc8a7561e87950f4999b9
SSDEEP

6144:6XQnW/DANtrToNRoT8DbS48b4oHF4LoUQ/xNy5v/idecEK/bz94M/btXg:6AnW0NtfoYa+48ka//y5v/VK/O

Score

10^/10

metasploit backdoor defense_evasion discovery trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  JaffaCakes118_98bbeee35fee491c860f775993c30c77
- Size
  
  264KB
- MD5
  
  98bbeee35fee491c860f775993c30c77
- SHA1
  
  5e7fb22325f7e97b7837acd6a6f530ee9e05530e
- SHA256
  
  f3a0bf204c78b1f68110bf1762de11a31a61c3f465b8236372e0d2531f4551b7
- SHA512
  
  27137296c1ba8cc6dba0aa1864c1083a2278c0c71f2ed4ef48e3eac0a5e722a1356501580e0f8a3b34eea2a8298803647c4e74ba457bc8a7561e87950f4999b9
- SSDEEP
  
  6144:6XQnW/DANtrToNRoT8DbS48b4oHF4LoUQ/xNy5v/idecEK/bz94M/btXg:6AnW0NtfoYa+48ka//y5v/VK/O
Score

10^/10

metasploit backdoor defense_evasion discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Modifies firewall policy service
  defense_evasion
- Modifies security service
  defense_evasion
- Network Share Discovery
  Attempt to gather information on host network.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Network Share Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordefense_evasiondiscoverytrojan

behavioral2

metasploitbackdoordefense_evasiondiscoverytrojan