metasploit | 74e015b40466991479494d380d2ebaaeb19e37700a0236ff054ffeb00d1ae5f5 | Triage

Submit
Reports

Overview

overview

Static

static

3

1a7fd8aa55...18.exe

windows7-x64

1a7fd8aa55...18.exe

windows10-2004-x64

1

Sharing

General

Target

1a7fd8aa5528ac7ef16034a22d234ca5_JaffaCakes118
Size

191KB
Sample

240701-jpww9stbqn
MD5

1a7fd8aa5528ac7ef16034a22d234ca5
SHA1

56127afa7824d23801cb3a740737a9ea796fb42a
SHA256

74e015b40466991479494d380d2ebaaeb19e37700a0236ff054ffeb00d1ae5f5
SHA512

752e1f29e251a2b59473e16287092ed49a07110368ee875e4295aa1674ec3ce598c68fb48f86e98776026fb1cfaed147e6484a1fa9d814b6279c947bec02d870
SSDEEP

3072:9M8HXSW71DLbDJylhj0yFe5c3yd85RqTyj8otRxoS0l8ckaX4G7U2jI46t5ei5IG:9Fh75wld0yKbG5A2j8oJ8lhkaZ7FI4uL

Score

10^/10

metasploit backdoor persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1a7fd8aa5528ac7ef16034a22d234ca5_JaffaCakes118.exe

Resource

win7-20240221-en

metasploit backdoor persistence trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

1a7fd8aa5528ac7ef16034a22d234ca5_JaffaCakes118.exe

Resource

win10v2004-20240611-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  1a7fd8aa5528ac7ef16034a22d234ca5_JaffaCakes118
- Size
  
  191KB
- MD5
  
  1a7fd8aa5528ac7ef16034a22d234ca5
- SHA1
  
  56127afa7824d23801cb3a740737a9ea796fb42a
- SHA256
  
  74e015b40466991479494d380d2ebaaeb19e37700a0236ff054ffeb00d1ae5f5
- SHA512
  
  752e1f29e251a2b59473e16287092ed49a07110368ee875e4295aa1674ec3ce598c68fb48f86e98776026fb1cfaed147e6484a1fa9d814b6279c947bec02d870
- SSDEEP
  
  3072:9M8HXSW71DLbDJylhj0yFe5c3yd85RqTyj8otRxoS0l8ckaX4G7U2jI46t5ei5IG:9Fh75wld0yKbG5A2j8oJ8lhkaZ7FI4uL
Score

10^/10

metasploit backdoor persistence trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

metasploitbackdoorpersistencetrojan

behavioral2

© 2018-2024

Terms | Privacy