metasploit | 191bd1fa383ec90337de27de9212572e710b44944cb67c3c923852a16c3783db | Triage

Sharing

General

Target

evil.hta
Size

28KB
Sample

201123-nc8vj16k8e
MD5

05fd981b5e82d5060701f064abb4e42d
SHA1

5073ea76853a70b2332096bbc800525025a2e527
SHA256

191bd1fa383ec90337de27de9212572e710b44944cb67c3c923852a16c3783db
SHA512

f8e28526beca600c8d0d625f7a716a4ffe663b9c48d2016c33e94257bbc312c09c40ccc5c1055d433330607a96d35f25a8ced1f2d1e62344abf3ba49feb89328

Score

10^/10

metasploit backdoor trojan

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://45.138.172.81:443/m6Ip

Targets

- Target
  
  evil.hta
- Size
  
  28KB
- MD5
  
  05fd981b5e82d5060701f064abb4e42d
- SHA1
  
  5073ea76853a70b2332096bbc800525025a2e527
- SHA256
  
  191bd1fa383ec90337de27de9212572e710b44944cb67c3c923852a16c3783db
- SHA512
  
  f8e28526beca600c8d0d625f7a716a4ffe663b9c48d2016c33e94257bbc312c09c40ccc5c1055d433330607a96d35f25a8ced1f2d1e62344abf3ba49feb89328
Score

10^/10

metasploit backdoor trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

metasploitbackdoortrojan

behavioral2

metasploitbackdoortrojan