metasploit | 239281cf00bc9d6338829a45b61e306268908595edef6956a3eb48401c9d9703 | Triage

Submit
Reports

Overview

overview

Static

static

7

1bc7db208f...18.exe

windows7-x64

1bc7db208f...18.exe

windows10-2004-x64

Sharing

General

Target

1bc7db208fb6cc34fd08bf9c1ed14a71_JaffaCakes118
Size

93KB
Sample

240701-vf983sshqm
MD5

1bc7db208fb6cc34fd08bf9c1ed14a71
SHA1

2f88697737dd798dbb6ecc3f3102cbaecb20eff0
SHA256

239281cf00bc9d6338829a45b61e306268908595edef6956a3eb48401c9d9703
SHA512

5fd5254dd43587d10a7be157c05d279c4b088deadef4e71849d5da457aa526a4791735a10e0daa419df5357cf4b09dc241f78ebc99bb3c1821172e6fd03de426
SSDEEP

1536:u966bMGYpHhmIhyx9XlibMwZnwJ7/Ig0cTxzmKa3iqltpDJEasBMDYP77:u966bM5pHhDIHXFJ7/ICoiyVJfH

Score

10^/10

metasploit backdoor trojan vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

1bc7db208fb6cc34fd08bf9c1ed14a71_JaffaCakes118.exe

Resource

win7-20240508-en

metasploit backdoor trojan vmprotect

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

1bc7db208fb6cc34fd08bf9c1ed14a71_JaffaCakes118.exe

Resource

win10v2004-20240611-en

metasploit backdoor trojan vmprotect

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  1bc7db208fb6cc34fd08bf9c1ed14a71_JaffaCakes118
- Size
  
  93KB
- MD5
  
  1bc7db208fb6cc34fd08bf9c1ed14a71
- SHA1
  
  2f88697737dd798dbb6ecc3f3102cbaecb20eff0
- SHA256
  
  239281cf00bc9d6338829a45b61e306268908595edef6956a3eb48401c9d9703
- SHA512
  
  5fd5254dd43587d10a7be157c05d279c4b088deadef4e71849d5da457aa526a4791735a10e0daa419df5357cf4b09dc241f78ebc99bb3c1821172e6fd03de426
- SSDEEP
  
  1536:u966bMGYpHhmIhyx9XlibMwZnwJ7/Ig0cTxzmKa3iqltpDJEasBMDYP77:u966bM5pHhDIHXFJ7/ICoiyVJfH
Score

10^/10

metasploit backdoor trojan vmprotect
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Deletes itself
- Executes dropped EXE
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

metasploitbackdoortrojanvmprotect

behavioral2

metasploitbackdoortrojanvmprotect

© 2018-2024

Terms | Privacy