metasploit | 0100a98ef786c82280fd78c259a79940f038553c3a22cf633a0b9f906f9b997e | Triage

Submit
Reports

Overview

overview

Static

static

7

12f7cce498...18.exe

windows7-x64

12f7cce498...18.exe

windows10-2004-x64

7

Sharing

General

Target

12f7cce49894cf0cc2c87ae6c9261871_JaffaCakes118
Size

209KB
Sample

240626-w27whszbrn
MD5

12f7cce49894cf0cc2c87ae6c9261871
SHA1

ff683aa311b00ce4dd3cdcdb44b928e1ef2bd4f0
SHA256

0100a98ef786c82280fd78c259a79940f038553c3a22cf633a0b9f906f9b997e
SHA512

cd4abd2aa8bbff81cccfcb688a51cb7afc301eef42a86a8759ace81360c9f7fd05f43f66e7f08d70a41a02de3facaf0aa065bce599ec8cc912cf890b0582be1a
SSDEEP

3072:xb5Wt+J9FhsoCl/LeB9y8nQFopQ11Vh28vcmpsHlh8d4H+OBbpr7k/v+4aX2:xb5y+J9vVQ/LiQ6pQH/V0nHlhp+2dd

Score

10^/10

metasploit backdoor trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

12f7cce49894cf0cc2c87ae6c9261871_JaffaCakes118.exe

Resource

win7-20240611-en

metasploit backdoor trojan upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

12f7cce49894cf0cc2c87ae6c9261871_JaffaCakes118.exe

Resource

win10v2004-20240508-en

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  12f7cce49894cf0cc2c87ae6c9261871_JaffaCakes118
- Size
  
  209KB
- MD5
  
  12f7cce49894cf0cc2c87ae6c9261871
- SHA1
  
  ff683aa311b00ce4dd3cdcdb44b928e1ef2bd4f0
- SHA256
  
  0100a98ef786c82280fd78c259a79940f038553c3a22cf633a0b9f906f9b997e
- SHA512
  
  cd4abd2aa8bbff81cccfcb688a51cb7afc301eef42a86a8759ace81360c9f7fd05f43f66e7f08d70a41a02de3facaf0aa065bce599ec8cc912cf890b0582be1a
- SSDEEP
  
  3072:xb5Wt+J9FhsoCl/LeB9y8nQFopQ11Vh28vcmpsHlh8d4H+OBbpr7k/v+4aX2:xb5y+J9vVQ/LiQ6pQH/V0nHlhp+2dd
Score

10^/10

metasploit backdoor trojan upx
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

metasploitbackdoortrojanupx

behavioral2

© 2018-2024

Terms | Privacy