metasploit | 9ca8e3e470787f315cb0f2cfaceba4be7a513f03e5500acf1f58b963aadfe036 | Triage

Submit
Reports

Overview

overview

Static

static

3

1cfb51141e...18.exe

windows7-x64

1cfb51141e...18.exe

windows10-2004-x64

Sharing

General

Target

1cfb51141e5c4f989c3322488251860a_JaffaCakes118
Size

508KB
Sample

240701-3sjkwsxemh
MD5

1cfb51141e5c4f989c3322488251860a
SHA1

63e204959e34ec1a3f071079025ee572859c5c41
SHA256

9ca8e3e470787f315cb0f2cfaceba4be7a513f03e5500acf1f58b963aadfe036
SHA512

a75e0575273794b0117c574acb3cbb6d4db56758b4fdb06c7155902b1d417e015715417e0aea44b5a24e086c985c1bddeb394f287ff317ede3a61536b5a22579
SSDEEP

3072:ijdFX/Bu4p8JEmPg+qqF365EhyUL2GayImQ7STjLWLa8H6sPONTrLZCbd4iFqFA8:iZlBuKZmPg0aO+BLFNorLUlFqFAd6b

Score

10^/10

metasploit backdoor trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1cfb51141e5c4f989c3322488251860a_JaffaCakes118.exe

Resource

win7-20240508-en

metasploit backdoor trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

1cfb51141e5c4f989c3322488251860a_JaffaCakes118.exe

Resource

win10v2004-20240508-en

metasploit backdoor trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  1cfb51141e5c4f989c3322488251860a_JaffaCakes118
- Size
  
  508KB
- MD5
  
  1cfb51141e5c4f989c3322488251860a
- SHA1
  
  63e204959e34ec1a3f071079025ee572859c5c41
- SHA256
  
  9ca8e3e470787f315cb0f2cfaceba4be7a513f03e5500acf1f58b963aadfe036
- SHA512
  
  a75e0575273794b0117c574acb3cbb6d4db56758b4fdb06c7155902b1d417e015715417e0aea44b5a24e086c985c1bddeb394f287ff317ede3a61536b5a22579
- SSDEEP
  
  3072:ijdFX/Bu4p8JEmPg+qqF365EhyUL2GayImQ7STjLWLa8H6sPONTrLZCbd4iFqFA8:iZlBuKZmPg0aO+BLFNorLUlFqFAd6b
Score

10^/10

metasploit backdoor trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

metasploitbackdoortrojan

behavioral2

metasploitbackdoortrojan

© 2018-2024

Terms | Privacy