metasploit | 9f336e98af84d2d1d8368371bd318515efdad7649416c1ae12cdc4a3052f3b8e | Triage

Sharing

General

Target

JaffaCakes118_b9b2fb1adbb9dfb171bf51986ffe3615
Size

123KB
Sample

250415-myhb1swygz
MD5

b9b2fb1adbb9dfb171bf51986ffe3615
SHA1

7596693efb330a26b8cdac271075d6e7b9c266f9
SHA256

9f336e98af84d2d1d8368371bd318515efdad7649416c1ae12cdc4a3052f3b8e
SHA512

fd6a4d046773c214c637d1ae4bd06b2b6121d93df96512d3b55e95f2892e05ae6547aa426dc7c4722ca75965e4ffe4d3a6ca5e5ade98a35ecf882e0079cff8bf
SSDEEP

1536:eEqja03dxWScn3fMzWqFP9IroQfyGCW9BIS2DJ456tK1U0yUmozcoKjFZ+p5PDFm:+X36ScnPMCqFurzf3BzH6Wxlcts3Q

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  JaffaCakes118_b9b2fb1adbb9dfb171bf51986ffe3615
- Size
  
  123KB
- MD5
  
  b9b2fb1adbb9dfb171bf51986ffe3615
- SHA1
  
  7596693efb330a26b8cdac271075d6e7b9c266f9
- SHA256
  
  9f336e98af84d2d1d8368371bd318515efdad7649416c1ae12cdc4a3052f3b8e
- SHA512
  
  fd6a4d046773c214c637d1ae4bd06b2b6121d93df96512d3b55e95f2892e05ae6547aa426dc7c4722ca75965e4ffe4d3a6ca5e5ade98a35ecf882e0079cff8bf
- SSDEEP
  
  1536:eEqja03dxWScn3fMzWqFP9IroQfyGCW9BIS2DJ456tK1U0yUmozcoKjFZ+p5PDFm:+X36ScnPMCqFurzf3BzH6Wxlcts3Q
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Deletes itself
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoverytrojan

behavioral2

metasploitbackdoordiscoverytrojan