metasploit | 40976619899943690686051faa55e20f8fd832677e1b543590275222ed4b92b6 | Triage

Submit
Reports

Overview

overview

Static

static

3

1c228b24c7...18.exe

windows7-x64

1c228b24c7...18.exe

windows10-2004-x64

Sharing

General

Target

1c228b24c705b36c5f791d788ca3d391_JaffaCakes118
Size

292KB
Sample

240701-xl8zbatfje
MD5

1c228b24c705b36c5f791d788ca3d391
SHA1

c2e503d2c8f911e0a520d702772f96c00ab611ba
SHA256

40976619899943690686051faa55e20f8fd832677e1b543590275222ed4b92b6
SHA512

6f82a57b9ed40046a4f7d62ae7ee2c7fc875d7dbf23f342af27df9c2b63fe76c4b00fd2c8b35f1bf64b6db4ba99ae8b9661b4c3a90698e6a5d5dfa3413def0ef
SSDEEP

6144:DCHe6bLDtO3y1wqtafwGwwvP6bQ7yMP+DE8276p7zUDAddrB6:Ke4tDofw26b7MP+Dd2mNzU6V6

Score

10^/10

metasploit backdoor bootkit persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1c228b24c705b36c5f791d788ca3d391_JaffaCakes118.exe

Resource

win7-20240508-en

metasploit backdoor bootkit persistence trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

1c228b24c705b36c5f791d788ca3d391_JaffaCakes118.exe

Resource

win10v2004-20240508-en

metasploit backdoor trojan

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  1c228b24c705b36c5f791d788ca3d391_JaffaCakes118
- Size
  
  292KB
- MD5
  
  1c228b24c705b36c5f791d788ca3d391
- SHA1
  
  c2e503d2c8f911e0a520d702772f96c00ab611ba
- SHA256
  
  40976619899943690686051faa55e20f8fd832677e1b543590275222ed4b92b6
- SHA512
  
  6f82a57b9ed40046a4f7d62ae7ee2c7fc875d7dbf23f342af27df9c2b63fe76c4b00fd2c8b35f1bf64b6db4ba99ae8b9661b4c3a90698e6a5d5dfa3413def0ef
- SSDEEP
  
  6144:DCHe6bLDtO3y1wqtafwGwwvP6bQ7yMP+DE8276p7zUDAddrB6:Ke4tDofw26b7MP+Dd2mNzU6V6
Score

10^/10

metasploit backdoor bootkit persistence trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

metasploitbackdoorbootkitpersistencetrojan

behavioral2

metasploitbackdoortrojan

© 2018-2024

Terms | Privacy