metasploit | 96beda72ed59030e60427b3b995847a62ec89b1dd84c3f522775d2985b261c6e | Triage

Sharing

General

Target

JaffaCakes118_b870ed659797c70d3155cbfc67a275b9
Size

222KB
Sample

250414-vnyj9awsg1
MD5

b870ed659797c70d3155cbfc67a275b9
SHA1

12743a476b9b2adf97b20946971f7257922179ba
SHA256

96beda72ed59030e60427b3b995847a62ec89b1dd84c3f522775d2985b261c6e
SHA512

b08ff02bcaf6d637607ef4eb9e2d9ba27a3a6267e9c7315dc9fe83c45624d76457786f0fdaf68f273a91c05c88e8cda2af8876da45a24a5d3ee0947be36f1167
SSDEEP

6144:KrsIjjoR5J0dEZUWIL91NUtcAU4Sf+gzDEJ/z4vzRdK:8jY2ECpUJC+gnqz4vzu

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Targets

- Target
  
  JaffaCakes118_b870ed659797c70d3155cbfc67a275b9
- Size
  
  222KB
- MD5
  
  b870ed659797c70d3155cbfc67a275b9
- SHA1
  
  12743a476b9b2adf97b20946971f7257922179ba
- SHA256
  
  96beda72ed59030e60427b3b995847a62ec89b1dd84c3f522775d2985b261c6e
- SHA512
  
  b08ff02bcaf6d637607ef4eb9e2d9ba27a3a6267e9c7315dc9fe83c45624d76457786f0fdaf68f273a91c05c88e8cda2af8876da45a24a5d3ee0947be36f1167
- SSDEEP
  
  6144:KrsIjjoR5J0dEZUWIL91NUtcAU4Sf+gzDEJ/z4vzRdK:8jY2ECpUJC+gnqz4vzu
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoverytrojan