metasploit | 16801c285de9f40edd59951515bfaaaddaf586defcdb309b730f4d20acbd07bc | Triage

Submit
Reports

Overview

overview

Static

static

3

1c01bc2c2b...18.exe

windows7-x64

1c01bc2c2b...18.exe

windows10-2004-x64

Sharing

General

Target

1c01bc2c2bbd72336530eefb258166a5_JaffaCakes118
Size

528KB
Sample

240701-wtqbhasaqf
MD5

1c01bc2c2bbd72336530eefb258166a5
SHA1

95cc61a79c10dbf1beefb6306ee6de367d73d022
SHA256

16801c285de9f40edd59951515bfaaaddaf586defcdb309b730f4d20acbd07bc
SHA512

32aefca83f8d0f73e3acd1ca330c34c5630995825e809c43655991fdb5b57477137d5cb415cb6b4ef8ebb5d2657d20e7f3cd464cd54bdd4dd8c20d4b2b0c01c8
SSDEEP

12288:m+LBj05NcFwKUynJ9ypCT6NNqavSR5SFgeiqRFpfZ6Mi:BVYwFlUynJXmstax6Mi

Score

10^/10

metasploit backdoor trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1c01bc2c2bbd72336530eefb258166a5_JaffaCakes118.exe

Resource

win7-20240508-en

metasploit backdoor trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

1c01bc2c2bbd72336530eefb258166a5_JaffaCakes118.exe

Resource

win10v2004-20240508-en

metasploit backdoor trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

192.168.1.4:4444

Targets

- Target
  
  1c01bc2c2bbd72336530eefb258166a5_JaffaCakes118
- Size
  
  528KB
- MD5
  
  1c01bc2c2bbd72336530eefb258166a5
- SHA1
  
  95cc61a79c10dbf1beefb6306ee6de367d73d022
- SHA256
  
  16801c285de9f40edd59951515bfaaaddaf586defcdb309b730f4d20acbd07bc
- SHA512
  
  32aefca83f8d0f73e3acd1ca330c34c5630995825e809c43655991fdb5b57477137d5cb415cb6b4ef8ebb5d2657d20e7f3cd464cd54bdd4dd8c20d4b2b0c01c8
- SSDEEP
  
  12288:m+LBj05NcFwKUynJ9ypCT6NNqavSR5SFgeiqRFpfZ6Mi:BVYwFlUynJXmstax6Mi
Score

10^/10

metasploit backdoor trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

metasploitbackdoortrojan

behavioral2

metasploitbackdoortrojan

© 2018-2024

Terms | Privacy