metasploit | 09bda9bc0821d5576c8b2c9f506333b7ca4bf210016cf76063c20ec0820de71c | Triage

Submit
Reports

Overview

overview

Static

static

3

1b6f0180f5...18.exe

windows7-x64

1b6f0180f5...18.exe

windows10-2004-x64

Sharing

General

Target

1b6f0180f590096ad64577b9f88692c2_JaffaCakes118
Size

132KB
Sample

240701-qgagmaxanp
MD5

1b6f0180f590096ad64577b9f88692c2
SHA1

a8e7a592705c2620a0d300d5b7be778fe37f1c64
SHA256

09bda9bc0821d5576c8b2c9f506333b7ca4bf210016cf76063c20ec0820de71c
SHA512

971dbef8b41624f18d140d211b0f93cb6ef7b9630f180ff5f995181cc2c73d3c1ea79fd7da9c0a0dd023b7e0f21b92661d639a0b00e4b6e8cb2572064dd33099
SSDEEP

1536:33oH7x3kI3mTfPhcQ2QDOFbhSUA9GdPNHeARsV/HWyLcub7FLMejUV2JeHNsUEE:noqOLQDOTn8kV5sV/2yLz7FLHoaUl

Score

10^/10

metasploit backdoor persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1b6f0180f590096ad64577b9f88692c2_JaffaCakes118.exe

Resource

win7-20240221-en

metasploit backdoor persistence trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

1b6f0180f590096ad64577b9f88692c2_JaffaCakes118.exe

Resource

win10v2004-20240508-en

metasploit backdoor persistence trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  1b6f0180f590096ad64577b9f88692c2_JaffaCakes118
- Size
  
  132KB
- MD5
  
  1b6f0180f590096ad64577b9f88692c2
- SHA1
  
  a8e7a592705c2620a0d300d5b7be778fe37f1c64
- SHA256
  
  09bda9bc0821d5576c8b2c9f506333b7ca4bf210016cf76063c20ec0820de71c
- SHA512
  
  971dbef8b41624f18d140d211b0f93cb6ef7b9630f180ff5f995181cc2c73d3c1ea79fd7da9c0a0dd023b7e0f21b92661d639a0b00e4b6e8cb2572064dd33099
- SSDEEP
  
  1536:33oH7x3kI3mTfPhcQ2QDOFbhSUA9GdPNHeARsV/HWyLcub7FLMejUV2JeHNsUEE:noqOLQDOTn8kV5sV/2yLz7FLHoaUl
Score

10^/10

metasploit backdoor persistence trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

metasploitbackdoorpersistencetrojan

behavioral2

metasploitbackdoorpersistencetrojan

© 2018-2024

Terms | Privacy