metasploit | 861290cab7f4bac049a7b19693e2acdda58dbd5b0dbebedc2e803f9a6476a571 | Triage

Submit
Reports

Overview

overview

Static

static

3

190aeb317f...18.exe

windows7-x64

190aeb317f...18.exe

windows10-2004-x64

Sharing

General

Target

190aeb317f6c7f6956952327d719b007_JaffaCakes118
Size

199KB
Sample

240628-gr1bcsxcrq
MD5

190aeb317f6c7f6956952327d719b007
SHA1

b07675d4f7f4dbbf6c89ad0264362015c36f192c
SHA256

861290cab7f4bac049a7b19693e2acdda58dbd5b0dbebedc2e803f9a6476a571
SHA512

76a837995952890ea050b41586030f87c4c143ce0f1134a94e28c4a969d3335dbd7910f7b132b70ae573f3e5e07d642858f5f1c13118a4c02130205b37d461d0
SSDEEP

3072:NdmO0+1JiNRHw7PXppxRzd2NLGM61pTz2FreEErROmLPBadoWaK9YvxUDhfm:DSrRHw7fEx8pGFrl2RjLPBaOTSDA

Score

10^/10

metasploit backdoor trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

190aeb317f6c7f6956952327d719b007_JaffaCakes118.exe

Resource

win7-20240508-en

metasploit backdoor trojan upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

190aeb317f6c7f6956952327d719b007_JaffaCakes118.exe

Resource

win10v2004-20240611-en

metasploit backdoor trojan upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  190aeb317f6c7f6956952327d719b007_JaffaCakes118
- Size
  
  199KB
- MD5
  
  190aeb317f6c7f6956952327d719b007
- SHA1
  
  b07675d4f7f4dbbf6c89ad0264362015c36f192c
- SHA256
  
  861290cab7f4bac049a7b19693e2acdda58dbd5b0dbebedc2e803f9a6476a571
- SHA512
  
  76a837995952890ea050b41586030f87c4c143ce0f1134a94e28c4a969d3335dbd7910f7b132b70ae573f3e5e07d642858f5f1c13118a4c02130205b37d461d0
- SSDEEP
  
  3072:NdmO0+1JiNRHw7PXppxRzd2NLGM61pTz2FreEErROmLPBadoWaK9YvxUDhfm:DSrRHw7fEx8pGFrl2RjLPBaOTSDA
Score

10^/10

metasploit backdoor trojan upx
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

metasploitbackdoortrojanupx

behavioral2

metasploitbackdoortrojanupx

© 2018-2024

Terms | Privacy