metasploit

General

Target

1a5dd4819514dae8141c64bc8a0c528f1a711095851b1f8b211af415ae23d8b9
Size

131KB
Sample

220510-wc9ntadgf3
MD5

f5efad97f71f19cfd610bb7fdfe8ecf8
SHA1

335913f9c61da17651a0ed2f77c77b3c8f41cc3c
SHA256

1a5dd4819514dae8141c64bc8a0c528f1a711095851b1f8b211af415ae23d8b9
SHA512

6db7c0c705e45f5369d09e77c9765295c5191dac33349732a714b0f129a4738cb438df68ecdb594183d7af485f7951445f0e6eab850958c78a26a9ac0fc4801c

Score

10^/10

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_http

C2

http://192.168.1.104:4443/v0AN8TOvv2P2E_cSqWG3MQ5b2jDU-HfkcnNEr0A3pZt6RnTB7nalaFCx8AuPNaODsWoxgz1bIIkQ04DLz7TCPCebzRsf0I6MYwNMMhcDs_OFT9oUvkterrRPFcARtNu9Qdu1vqbAlzNO6vGF5aG5

Targets

- Target
  
  1a5dd4819514dae8141c64bc8a0c528f1a711095851b1f8b211af415ae23d8b9
- Size
  
  131KB
- MD5
  
  f5efad97f71f19cfd610bb7fdfe8ecf8
- SHA1
  
  335913f9c61da17651a0ed2f77c77b3c8f41cc3c
- SHA256
  
  1a5dd4819514dae8141c64bc8a0c528f1a711095851b1f8b211af415ae23d8b9
- SHA512
  
  6db7c0c705e45f5369d09e77c9765295c5191dac33349732a714b0f129a4738cb438df68ecdb594183d7af485f7951445f0e6eab850958c78a26a9ac0fc4801c
Score

10^/10

metasploit backdoor trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Checks computer location settings

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2