metasploit | 93650c39360cee9ca009a9cff5db55b30a8af56edaa96f5a89405ff0ab08c55f | Triage

Submit
Reports

Overview

overview

Static

static

3

167d3ea012...18.exe

windows7-x64

167d3ea012...18.exe

windows10-2004-x64

Sharing

General

Target

167d3ea012510c658f5b975e1af1a603_JaffaCakes118
Size

340KB
Sample

240627-spmg9sxcpc
MD5

167d3ea012510c658f5b975e1af1a603
SHA1

226b991ed3f492cff9ae6cdd95ee8d635839bce0
SHA256

93650c39360cee9ca009a9cff5db55b30a8af56edaa96f5a89405ff0ab08c55f
SHA512

2d54f6e9d96e9d2224dea374106e7256f7e3ecea02044138a5882031f417a095563cae6168237974954ca9d6e54d7490f1a21b1f7a9818be098a33b895fa85ee
SSDEEP

6144:iXhaVAhAD4U5lbVwRhauOLIXV+w5BhfMPccDOqh7zYHhYH9052:ixaVAh64U5lCPOLIXV+w5WjHa52

Score

10^/10

metasploit backdoor trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

167d3ea012510c658f5b975e1af1a603_JaffaCakes118.exe

Resource

win7-20240611-en

metasploit backdoor trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

167d3ea012510c658f5b975e1af1a603_JaffaCakes118.exe

Resource

win10v2004-20240226-en

metasploit backdoor trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Targets

- Target
  
  167d3ea012510c658f5b975e1af1a603_JaffaCakes118
- Size
  
  340KB
- MD5
  
  167d3ea012510c658f5b975e1af1a603
- SHA1
  
  226b991ed3f492cff9ae6cdd95ee8d635839bce0
- SHA256
  
  93650c39360cee9ca009a9cff5db55b30a8af56edaa96f5a89405ff0ab08c55f
- SHA512
  
  2d54f6e9d96e9d2224dea374106e7256f7e3ecea02044138a5882031f417a095563cae6168237974954ca9d6e54d7490f1a21b1f7a9818be098a33b895fa85ee
- SSDEEP
  
  6144:iXhaVAhAD4U5lbVwRhauOLIXV+w5BhfMPccDOqh7zYHhYH9052:ixaVAh64U5lCPOLIXV+w5WjHa52
Score

10^/10

metasploit backdoor trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

metasploitbackdoortrojan

behavioral2

metasploitbackdoortrojan

© 2018-2024

Terms | Privacy