metasploit | bccc6abd86e962fafe59f64557f8e33c76ca41c91e610f2879c03c8139046d19 | Triage

Submit
Reports

Overview

overview

Static

static

3

1324cbd3ae...18.exe

windows7-x64

1324cbd3ae...18.exe

windows10-2004-x64

7

Sharing

General

Target

1324cbd3aec231c8c8e7c4444b4c55bf_JaffaCakes118
Size

520KB
Sample

240626-x31z2ayhnh
MD5

1324cbd3aec231c8c8e7c4444b4c55bf
SHA1

75c52eba09098041c901a742a3fafe33c82cae28
SHA256

bccc6abd86e962fafe59f64557f8e33c76ca41c91e610f2879c03c8139046d19
SHA512

0f74984f5c936636f7d2f409ac277ec4bc6f9849dc4dc51c019e4f619f7b56c46aa54f0a0702b118aa8c2b7fe40e5ec30a51c2927e0c85ed928337f853177b3f
SSDEEP

12288:IuQR86TZUJgushyTe3Chl9rxdk0ERno19p2N5188AUmxpXu3TdYZZZZ:IuQfTZUJgushh3Cn9ldUY9Qr18TxETO3

Score

10^/10

metasploit backdoor evasion trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1324cbd3aec231c8c8e7c4444b4c55bf_JaffaCakes118.exe

Resource

win7-20240221-en

metasploit backdoor evasion trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

1324cbd3aec231c8c8e7c4444b4c55bf_JaffaCakes118.exe

Resource

win10v2004-20240508-en

windows10-2004-x64

1 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  1324cbd3aec231c8c8e7c4444b4c55bf_JaffaCakes118
- Size
  
  520KB
- MD5
  
  1324cbd3aec231c8c8e7c4444b4c55bf
- SHA1
  
  75c52eba09098041c901a742a3fafe33c82cae28
- SHA256
  
  bccc6abd86e962fafe59f64557f8e33c76ca41c91e610f2879c03c8139046d19
- SHA512
  
  0f74984f5c936636f7d2f409ac277ec4bc6f9849dc4dc51c019e4f619f7b56c46aa54f0a0702b118aa8c2b7fe40e5ec30a51c2927e0c85ed928337f853177b3f
- SSDEEP
  
  12288:IuQR86TZUJgushyTe3Chl9rxdk0ERno19p2N5188AUmxpXu3TdYZZZZ:IuQfTZUJgushh3Cn9ldUY9Qr18TxETO3
Score

10^/10

metasploit backdoor evasion trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

metasploitbackdoorevasiontrojan

behavioral2

© 2018-2024

Terms | Privacy