metasploit | 52e9e58c2ecfde3a752621ff159bbb34f648820ec1b70c97c0c1684e6721940e | Triage

Submit
Reports

Overview

overview

Static

static

3

14419a4188...18.exe

windows7-x64

14419a4188...18.exe

windows10-2004-x64

Sharing

General

Target

14419a418849fc6c85a300951e5e78a7_JaffaCakes118
Size

195KB
Sample

240627-b9x13awfqb
MD5

14419a418849fc6c85a300951e5e78a7
SHA1

999efdabbd5625d6aa2f039a911256030a7074c4
SHA256

52e9e58c2ecfde3a752621ff159bbb34f648820ec1b70c97c0c1684e6721940e
SHA512

7a8ec141774f7bb11e55c7c3586b8c7ff53061b723c1bfa6f9dc83f0457feb3cc9893fbaae37173ebc76d229c5907962212442a4399b253d9a6ef305e7c98ff4
SSDEEP

3072:r9RcChXSC7+U1DBQO3S4cAA4JuCP30e0u1139tP4feISqf1wRbBHLRmmkD:9xymB7CQJ5PE9uP3zDISqf1wR9Ha

Score

10^/10

metasploit backdoor trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

14419a418849fc6c85a300951e5e78a7_JaffaCakes118.exe

Resource

win7-20231129-en

metasploit backdoor trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

14419a418849fc6c85a300951e5e78a7_JaffaCakes118.exe

Resource

win10v2004-20240611-en

metasploit backdoor trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  14419a418849fc6c85a300951e5e78a7_JaffaCakes118
- Size
  
  195KB
- MD5
  
  14419a418849fc6c85a300951e5e78a7
- SHA1
  
  999efdabbd5625d6aa2f039a911256030a7074c4
- SHA256
  
  52e9e58c2ecfde3a752621ff159bbb34f648820ec1b70c97c0c1684e6721940e
- SHA512
  
  7a8ec141774f7bb11e55c7c3586b8c7ff53061b723c1bfa6f9dc83f0457feb3cc9893fbaae37173ebc76d229c5907962212442a4399b253d9a6ef305e7c98ff4
- SSDEEP
  
  3072:r9RcChXSC7+U1DBQO3S4cAA4JuCP30e0u1139tP4feISqf1wRbBHLRmmkD:9xymB7CQJ5PE9uP3zDISqf1wR9Ha
Score

10^/10

metasploit backdoor trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

metasploitbackdoortrojan

behavioral2

metasploitbackdoortrojan

© 2018-2024

Terms | Privacy