metasploit | 1421260042d8f5f46f8e37e2efa0d1b21391cc6f3fe826dce10549f9c399df47 | Triage

Sharing

General

Target

1421260042d8f5f46f8e37e2efa0d1b21391cc6f3fe826dce10549f9c399df47
Size

255KB
Sample

220512-xvndzahad4
MD5

05dfc0a684be42b4dcd524f238744869
SHA1

16cd0520e989d386708b5c561f20b0867917d3d6
SHA256

1421260042d8f5f46f8e37e2efa0d1b21391cc6f3fe826dce10549f9c399df47
SHA512

47f7fb910d4b3c8be5c922371bed2e18961d610b5a6504fe70cbb773cb5ed2e92e9a33f9b63b9fc8c306dc7fcee6880eacf355e6765eb4993967f857bd049617

Score

10^/10

metasploit backdoor bootkit persistence trojan

Malware Config

Extracted

Family

metasploit

Version

windows/single_exec

Targets

- Target
  
  1421260042d8f5f46f8e37e2efa0d1b21391cc6f3fe826dce10549f9c399df47
- Size
  
  255KB
- MD5
  
  05dfc0a684be42b4dcd524f238744869
- SHA1
  
  16cd0520e989d386708b5c561f20b0867917d3d6
- SHA256
  
  1421260042d8f5f46f8e37e2efa0d1b21391cc6f3fe826dce10549f9c399df47
- SHA512
  
  47f7fb910d4b3c8be5c922371bed2e18961d610b5a6504fe70cbb773cb5ed2e92e9a33f9b63b9fc8c306dc7fcee6880eacf355e6765eb4993967f857bd049617
Score

10^/10

metasploit backdoor bootkit persistence trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

metasploitbackdoorbootkitpersistencetrojan

behavioral2

metasploitbackdoorbootkitpersistencetrojan