metasploit | 2801f320eb2fc6005be000a31225eb6f2e33bbb6e42f99897003b800ec38eb72 | Triage

Submit
Reports

Overview

overview

Static

static

3

153807fd4e...18.exe

windows7-x64

153807fd4e...18.exe

windows10-2004-x64

Sharing

General

Target

153807fd4ed81e99387e80b6d12ddef3_JaffaCakes118
Size

163KB
Sample

240627-jqjnbssdlj
MD5

153807fd4ed81e99387e80b6d12ddef3
SHA1

2926c65bee567241abd703f7d3434942faec57b7
SHA256

2801f320eb2fc6005be000a31225eb6f2e33bbb6e42f99897003b800ec38eb72
SHA512

074c7c165f2c86dd96a86f0e7cd1af2f545c08c13012aa809fe511dc2a3a093978c846e721cce3c2d1d65135b5947df9685ac97ccf1be1c42c9842508845c3cc
SSDEEP

3072:gv5lmIoUsJiRvjAZrrF7EJXBPCisvrbviOkAgJQj9j:gxnoULRvEVlEvAvP1KQ

Score

10^/10

metasploit backdoor evasion persistence privilege_escalation trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

153807fd4ed81e99387e80b6d12ddef3_JaffaCakes118.exe

Resource

win7-20231129-en

metasploit backdoor evasion persistence privilege_escalation trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

153807fd4ed81e99387e80b6d12ddef3_JaffaCakes118.exe

Resource

win10v2004-20240611-en

metasploit backdoor evasion persistence privilege_escalation trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  153807fd4ed81e99387e80b6d12ddef3_JaffaCakes118
- Size
  
  163KB
- MD5
  
  153807fd4ed81e99387e80b6d12ddef3
- SHA1
  
  2926c65bee567241abd703f7d3434942faec57b7
- SHA256
  
  2801f320eb2fc6005be000a31225eb6f2e33bbb6e42f99897003b800ec38eb72
- SHA512
  
  074c7c165f2c86dd96a86f0e7cd1af2f545c08c13012aa809fe511dc2a3a093978c846e721cce3c2d1d65135b5947df9685ac97ccf1be1c42c9842508845c3cc
- SSDEEP
  
  3072:gv5lmIoUsJiRvjAZrrF7EJXBPCisvrbviOkAgJQj9j:gxnoULRvEVlEvAvP1KQ
Score

10^/10

metasploit backdoor evasion persistence privilege_escalation trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Modifies firewall policy service
  evasion
- Windows security bypass
  evasion trojan
- Modifies Windows Firewall
  evasion
- Deletes itself
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Modify Registry

Impair Defenses

Disable or Modify Tools

Disable or Modify System Firewall

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

metasploitbackdoorevasionpersistenceprivilege_escalationtrojan

behavioral2

metasploitbackdoorevasionpersistenceprivilege_escalationtrojan

© 2018-2024

Terms | Privacy