metasploit | 081c7d809931e53f6ef41662e06ed4bcbe8e222c6a18565bed461efd444d3360 | Triage

Submit
Reports

Overview

overview

Static

static

3

15f7e1121a...18.exe

windows7-x64

15f7e1121a...18.exe

windows10-2004-x64

Sharing

General

Target

15f7e1121ab14c9f10f48b1aadd47f5e_JaffaCakes118
Size

173KB
Sample

240627-petl2stapj
MD5

15f7e1121ab14c9f10f48b1aadd47f5e
SHA1

f3ee40a6b421e128ba44af005dddac20bcd47936
SHA256

081c7d809931e53f6ef41662e06ed4bcbe8e222c6a18565bed461efd444d3360
SHA512

252c8cb5425858631f9f40314b61e86d502d60566d6bea3fa6a4839974396022f01bfb04c5135637fd33331242f8da738dbb59ae0189188396367c964511b11f
SSDEEP

3072:jCOeDHj6J+1LPz9D+ydlXOw2Ews0DOEK6EYck0soq11o35N30tU/caQJ:+OenLPz9DbRGEz0zCq1yHkticaW

Score

10^/10

metasploit backdoor trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

15f7e1121ab14c9f10f48b1aadd47f5e_JaffaCakes118.exe

Resource

win7-20240419-en

metasploit backdoor trojan upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

15f7e1121ab14c9f10f48b1aadd47f5e_JaffaCakes118.exe

Resource

win10v2004-20240508-en

metasploit backdoor trojan upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  15f7e1121ab14c9f10f48b1aadd47f5e_JaffaCakes118
- Size
  
  173KB
- MD5
  
  15f7e1121ab14c9f10f48b1aadd47f5e
- SHA1
  
  f3ee40a6b421e128ba44af005dddac20bcd47936
- SHA256
  
  081c7d809931e53f6ef41662e06ed4bcbe8e222c6a18565bed461efd444d3360
- SHA512
  
  252c8cb5425858631f9f40314b61e86d502d60566d6bea3fa6a4839974396022f01bfb04c5135637fd33331242f8da738dbb59ae0189188396367c964511b11f
- SSDEEP
  
  3072:jCOeDHj6J+1LPz9D+ydlXOw2Ews0DOEK6EYck0soq11o35N30tU/caQJ:+OenLPz9DbRGEz0zCq1yHkticaW
Score

10^/10

metasploit backdoor trojan upx
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

metasploitbackdoortrojanupx

behavioral2

metasploitbackdoortrojanupx

© 2018-2024

Terms | Privacy