metasploit | 29c5267bc432eff80ff5496dbb467e33f3094a2d5795fe146fb4ad051d7ed327 | Triage

Submit
Reports

Overview

overview

Static

static

3

199363efcd...18.exe

windows7-x64

199363efcd...18.exe

windows10-2004-x64

Sharing

General

Target

199363efcdf47c69fe172d113d744d68_JaffaCakes118
Size

256KB
Sample

240628-k6bs4a1fra
MD5

199363efcdf47c69fe172d113d744d68
SHA1

20780c67d3f26f4a05b11d437b27dd8a18bf1cf3
SHA256

29c5267bc432eff80ff5496dbb467e33f3094a2d5795fe146fb4ad051d7ed327
SHA512

4c4e6856dba5be288e526bdd7348cd174c963dd13235b09c40e383de71e0603b92e3bcd1c2054c24498387cd2d8d3f4510dd98cb719b9d866369a35f7280d591
SSDEEP

6144:v2C2F8NXC796TB9vj481RcOYx3Zmdh3Vxa3NwOiz87:vweVQkTrvj46A3ZG9Vx3O

Score

10^/10

metasploit backdoor persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

199363efcdf47c69fe172d113d744d68_JaffaCakes118.exe

Resource

win7-20240221-en

metasploit backdoor persistence trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

199363efcdf47c69fe172d113d744d68_JaffaCakes118.exe

Resource

win10v2004-20240508-en

metasploit backdoor persistence trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  199363efcdf47c69fe172d113d744d68_JaffaCakes118
- Size
  
  256KB
- MD5
  
  199363efcdf47c69fe172d113d744d68
- SHA1
  
  20780c67d3f26f4a05b11d437b27dd8a18bf1cf3
- SHA256
  
  29c5267bc432eff80ff5496dbb467e33f3094a2d5795fe146fb4ad051d7ed327
- SHA512
  
  4c4e6856dba5be288e526bdd7348cd174c963dd13235b09c40e383de71e0603b92e3bcd1c2054c24498387cd2d8d3f4510dd98cb719b9d866369a35f7280d591
- SSDEEP
  
  6144:v2C2F8NXC796TB9vj481RcOYx3Zmdh3Vxa3NwOiz87:vweVQkTrvj46A3ZG9Vx3O
Score

10^/10

metasploit backdoor persistence trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Executes dropped EXE
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scripting

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

metasploitbackdoorpersistencetrojan

behavioral2

metasploitbackdoorpersistencetrojan

© 2018-2024

Terms | Privacy