metasploit | b22d3bb6a0f6661970bfeb1fe03b9cfd148bb3c0b5a7cf7bdd252f5abfc360a7 | Triage

Sharing

General

Target

0011b9cd240249c3aeb520ea1205eaf1.jpg
Size

861KB
Sample

220512-tqg5lsedgp
MD5

a145be6638603eddb739eddc9404f2e3
SHA1

c38146cbb3c746824c1e827921cdf03bfd19d8a9
SHA256

b22d3bb6a0f6661970bfeb1fe03b9cfd148bb3c0b5a7cf7bdd252f5abfc360a7
SHA512

cf805f5eb3f832fd1fe583a7ceab1e409ea17eb72b6c97076ce8f01c473b67b8bc79d90538338f5a0b398f27f06ffd5e4f99ec0e7f2bae26b98380cf0d529f02

Score

10^/10

metasploit backdoor trojan

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://npc.xinchen.space:25565/jquery-3.3.1.slim.min.js

http://c=:25565/jquery-3.3.1.slim.min.js

Targets

- Target
  
  0011b9cd240249c3aeb520ea1205eaf1.jpg
- Size
  
  861KB
- MD5
  
  a145be6638603eddb739eddc9404f2e3
- SHA1
  
  c38146cbb3c746824c1e827921cdf03bfd19d8a9
- SHA256
  
  b22d3bb6a0f6661970bfeb1fe03b9cfd148bb3c0b5a7cf7bdd252f5abfc360a7
- SHA512
  
  cf805f5eb3f832fd1fe583a7ceab1e409ea17eb72b6c97076ce8f01c473b67b8bc79d90538338f5a0b398f27f06ffd5e4f99ec0e7f2bae26b98380cf0d529f02
Score

10^/10

metasploit backdoor trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

metasploitbackdoortrojan

behavioral2