metasploit | 41d17aeec282d38dd6c92978b25081f7c05996ed5c27b83dcc43b8dc51a66ea4 | Triage

Sharing

General

Target

JaffaCakes118_b99a3c504fb3494c81eca16099aec5ab
Size

472KB
Sample

250415-k9pjcsvxev
MD5

b99a3c504fb3494c81eca16099aec5ab
SHA1

5695103a074dc622f1e7bd06e9b132c1e27550a2
SHA256

41d17aeec282d38dd6c92978b25081f7c05996ed5c27b83dcc43b8dc51a66ea4
SHA512

433cd7a44f055c3f1f9eb1498dd17d04b749dc587ddbde7c3d506c5a99b98db415c1d02fa0662f2d22934067feaa92c768c02c42be6c094cc5869ec3b23de705
SSDEEP

6144:uFeLlS5FZCAv2wFR24biJjWti/9q7R/ck6pSDy4N5q39dVdnNn1u9/TPr5P6uzPx:8D6AvTFgJVWt49y5YeE8RhpQetCe

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  JaffaCakes118_b99a3c504fb3494c81eca16099aec5ab
- Size
  
  472KB
- MD5
  
  b99a3c504fb3494c81eca16099aec5ab
- SHA1
  
  5695103a074dc622f1e7bd06e9b132c1e27550a2
- SHA256
  
  41d17aeec282d38dd6c92978b25081f7c05996ed5c27b83dcc43b8dc51a66ea4
- SHA512
  
  433cd7a44f055c3f1f9eb1498dd17d04b749dc587ddbde7c3d506c5a99b98db415c1d02fa0662f2d22934067feaa92c768c02c42be6c094cc5869ec3b23de705
- SSDEEP
  
  6144:uFeLlS5FZCAv2wFR24biJjWti/9q7R/ck6pSDy4N5q39dVdnNn1u9/TPr5P6uzPx:8D6AvTFgJVWt49y5YeE8RhpQetCe
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoverytrojan