metasploit | 480add5ca2996d3f6c4d2f1b469c0bcf79ee90fae89d74bef0fdb10e795c39f3 | Triage

Submit
Reports

Overview

overview

Static

static

3

1cb03938e0...18.exe

windows7-x64

1cb03938e0...18.exe

windows10-2004-x64

Sharing

General

Target

1cb03938e065d1924e78ecc1e8552ea5_JaffaCakes118
Size

204KB
Sample

240701-149kcaxajk
MD5

1cb03938e065d1924e78ecc1e8552ea5
SHA1

5a4db32f51e9d9c87c5d49d6c198f898c9d001b7
SHA256

480add5ca2996d3f6c4d2f1b469c0bcf79ee90fae89d74bef0fdb10e795c39f3
SHA512

389dc7aa252a22dd552e9166e05cdd91be07b2b63f43729e5ecfd4d7e494bfdb4bb709deaa460be4b60b870e91a880b9970652737c004d366e39d9b75839067f
SSDEEP

6144:jkUCrMOsHvX8wvP6bQ7yMP+DE827ufWlv+/:IUC9sPd6b7MP+Dd2+4U

Score

10^/10

metasploit backdoor bootkit evasion persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1cb03938e065d1924e78ecc1e8552ea5_JaffaCakes118.exe

Resource

win7-20240220-en

metasploit backdoor bootkit evasion persistence trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

1cb03938e065d1924e78ecc1e8552ea5_JaffaCakes118.exe

Resource

win10v2004-20240508-en

metasploit backdoor evasion trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Targets

- Target
  
  1cb03938e065d1924e78ecc1e8552ea5_JaffaCakes118
- Size
  
  204KB
- MD5
  
  1cb03938e065d1924e78ecc1e8552ea5
- SHA1
  
  5a4db32f51e9d9c87c5d49d6c198f898c9d001b7
- SHA256
  
  480add5ca2996d3f6c4d2f1b469c0bcf79ee90fae89d74bef0fdb10e795c39f3
- SHA512
  
  389dc7aa252a22dd552e9166e05cdd91be07b2b63f43729e5ecfd4d7e494bfdb4bb709deaa460be4b60b870e91a880b9970652737c004d366e39d9b75839067f
- SSDEEP
  
  6144:jkUCrMOsHvX8wvP6bQ7yMP+DE827ufWlv+/:IUC9sPd6b7MP+Dd2+4U
Score

10^/10

metasploit backdoor bootkit evasion persistence trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Modifies security service
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Pre-OS Boot

Bootkit

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

metasploitbackdoorbootkitevasionpersistencetrojan

behavioral2

metasploitbackdoorevasiontrojan

© 2018-2024

Terms | Privacy