Overview

overview

10

Static

static

3

135b8f7a91...18.exe

windows7-x64

10

135b8f7a91...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    135b8f7a9148e9668b2c2125898d9f29_JaffaCakes118

  • Size

    192KB

  • Sample

    240626-zde3daveqp

  • MD5

    135b8f7a9148e9668b2c2125898d9f29

  • SHA1

    950d01f793b7d349c6db244fc3af0ba59fb788c9

  • SHA256

    5d1c82844f7b188784acb77c6fc989a289a7526d43e2db703e0ae6ad0b2eb061

  • SHA512

    14aac870f7507bf757c2beb89a8079d5aaf62bb1b54be34832c7bba3ec517a6a1b9b36e3d521220eda95f6115c107d7382dc9411c200519d445be60f334b5b03

  • SSDEEP

    3072:l6GHlnAZkpAN445Lslg1oEy4RXaUCmwIiaRCUJX0XKsFzi3TKswhb:r6Nj5LInmwIftXaijob

Score
10/10
metasploitbackdoorevasiontrojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • Target

      135b8f7a9148e9668b2c2125898d9f29_JaffaCakes118

    • Size

      192KB

    • MD5

      135b8f7a9148e9668b2c2125898d9f29

    • SHA1

      950d01f793b7d349c6db244fc3af0ba59fb788c9

    • SHA256

      5d1c82844f7b188784acb77c6fc989a289a7526d43e2db703e0ae6ad0b2eb061

    • SHA512

      14aac870f7507bf757c2beb89a8079d5aaf62bb1b54be34832c7bba3ec517a6a1b9b36e3d521220eda95f6115c107d7382dc9411c200519d445be60f334b5b03

    • SSDEEP

      3072:l6GHlnAZkpAN445Lslg1oEy4RXaUCmwIiaRCUJX0XKsFzi3TKswhb:r6Nj5LInmwIftXaijob

    Score
    10/10
    metasploitbackdoorevasiontrojan

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

      trojanbackdoormetasploit

    • Modifies firewall policy service

      evasion

    • Windows security bypass

      evasiontrojan

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Privilege Escalation

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Defense Evasion

Modify Registry

3
T1112

Impair Defenses

3
T1562

Disable or Modify Tools

2
T1562.001

Disable or Modify System Firewall

1
T1562.004

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks