metasploit | b5b17bc7bdb64909ae5277f967d739e73743d9406a65cc646753b21ede516031 | Triage

Submit
Reports

Overview

overview

Static

static

3

18a441df20...18.exe

windows7-x64

18a441df20...18.exe

windows10-2004-x64

Sharing

General

Target

18a441df203f749c24027a8f61464e7e_JaffaCakes118
Size

169KB
Sample

240628-d6j15ssanm
MD5

18a441df203f749c24027a8f61464e7e
SHA1

bff7d814b8a76605e82addc1e67f652579534d4e
SHA256

b5b17bc7bdb64909ae5277f967d739e73743d9406a65cc646753b21ede516031
SHA512

4515f22267f6b5344240a9eccdf98c065b9e4f626b91848a981283ab1e3c35a9661d04e1aed008572243bb06e9f3cddd226f4b90469964d1a8350e01cb2610ba
SSDEEP

3072:lGEEhqaY4n5OR/V5DI1KWWwW3bkPLrV0JhTxKQbVRkIuYfdpN6WjFk:lGAN4ID+KbwW3mLZwhTxKQbVRFfPN6WG

Score

10^/10

metasploit backdoor trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

18a441df203f749c24027a8f61464e7e_JaffaCakes118.exe

Resource

win7-20240508-en

metasploit backdoor trojan upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

18a441df203f749c24027a8f61464e7e_JaffaCakes118.exe

Resource

win10v2004-20240611-en

metasploit backdoor trojan upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  18a441df203f749c24027a8f61464e7e_JaffaCakes118
- Size
  
  169KB
- MD5
  
  18a441df203f749c24027a8f61464e7e
- SHA1
  
  bff7d814b8a76605e82addc1e67f652579534d4e
- SHA256
  
  b5b17bc7bdb64909ae5277f967d739e73743d9406a65cc646753b21ede516031
- SHA512
  
  4515f22267f6b5344240a9eccdf98c065b9e4f626b91848a981283ab1e3c35a9661d04e1aed008572243bb06e9f3cddd226f4b90469964d1a8350e01cb2610ba
- SSDEEP
  
  3072:lGEEhqaY4n5OR/V5DI1KWWwW3bkPLrV0JhTxKQbVRkIuYfdpN6WjFk:lGAN4ID+KbwW3mLZwhTxKQbVRFfPN6WG
Score

10^/10

metasploit backdoor trojan upx
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

metasploitbackdoortrojanupx

behavioral2

metasploitbackdoortrojanupx

© 2018-2024

Terms | Privacy