metasploit | 6dce2e6b67bd6067b62a6de675ed8aae2cf12e1686200f4e5a98b88b11d8b041 | Triage

Submit
Reports

Overview

overview

Static

static

3

1d00fc6105...18.exe

windows7-x64

1d00fc6105...18.exe

windows10-2004-x64

Sharing

General

Target

1d00fc610526a7d996b5a264dacb8f38_JaffaCakes118
Size

124KB
Sample

240701-3xlk2sxglg
MD5

1d00fc610526a7d996b5a264dacb8f38
SHA1

805f34f9f2ba22acc0e46901fe6d51824df1edbc
SHA256

6dce2e6b67bd6067b62a6de675ed8aae2cf12e1686200f4e5a98b88b11d8b041
SHA512

5987ac35bb5ab1dfdad6d9e85dee2bd37997fc7b1ec8207a8a15f4ddd5f3bbfec77643fe04b0d34df3eb1ac0366777d79208ee1330912940c92d617775a9d555
SSDEEP

3072:LZeHqJUyvkbE4M2OLh8fwFVRv7IuMBbgWwXNO:LZZ7MY4bgFvvYCf9

Score

10^/10

metasploit backdoor execution trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1d00fc610526a7d996b5a264dacb8f38_JaffaCakes118.exe

Resource

win7-20240419-en

metasploit backdoor execution trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

1d00fc610526a7d996b5a264dacb8f38_JaffaCakes118.exe

Resource

win10v2004-20240508-en

metasploit backdoor execution trojan

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

192.168.0.89:4444

Targets

- Target
  
  1d00fc610526a7d996b5a264dacb8f38_JaffaCakes118
- Size
  
  124KB
- MD5
  
  1d00fc610526a7d996b5a264dacb8f38
- SHA1
  
  805f34f9f2ba22acc0e46901fe6d51824df1edbc
- SHA256
  
  6dce2e6b67bd6067b62a6de675ed8aae2cf12e1686200f4e5a98b88b11d8b041
- SHA512
  
  5987ac35bb5ab1dfdad6d9e85dee2bd37997fc7b1ec8207a8a15f4ddd5f3bbfec77643fe04b0d34df3eb1ac0366777d79208ee1330912940c92d617775a9d555
- SSDEEP
  
  3072:LZeHqJUyvkbE4M2OLh8fwFVRv7IuMBbgWwXNO:LZZ7MY4bgFvvYCf9
Score

10^/10

metasploit backdoor execution trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

metasploitbackdoorexecutiontrojan

behavioral2

metasploitbackdoorexecutiontrojan

© 2018-2024

Terms | Privacy