metasploit | e6cdeecd1d4522ae7cd1dab0322d228c5209cb76e45a8b6d5ec57b2d5ff6497e | Triage

Sharing

General

Target

e6cdeecd1d4522ae7cd1dab0322d228c5209cb76e45a8b6d5ec57b2d5ff6497e
Size

129KB
Sample

220516-fmptdsgfcm
MD5

a6e88ded6626b4bcdf72302efb08f7a7
SHA1

b94ca9879898b781d7e482f1d0acdf96245e0c19
SHA256

e6cdeecd1d4522ae7cd1dab0322d228c5209cb76e45a8b6d5ec57b2d5ff6497e
SHA512

e42838d965a64550cb8477a4899cecfe7f47ebdb5731fe6f7ad3268e047c325322ad31cbe32413a422f2470ceb250420f8547a2bc243aaf6364be37ea6d33a9c

Score

10^/10

metasploit backdoor trojan

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

192.168.1.104:4443

Targets

- Target
  
  e6cdeecd1d4522ae7cd1dab0322d228c5209cb76e45a8b6d5ec57b2d5ff6497e
- Size
  
  129KB
- MD5
  
  a6e88ded6626b4bcdf72302efb08f7a7
- SHA1
  
  b94ca9879898b781d7e482f1d0acdf96245e0c19
- SHA256
  
  e6cdeecd1d4522ae7cd1dab0322d228c5209cb76e45a8b6d5ec57b2d5ff6497e
- SHA512
  
  e42838d965a64550cb8477a4899cecfe7f47ebdb5731fe6f7ad3268e047c325322ad31cbe32413a422f2470ceb250420f8547a2bc243aaf6364be37ea6d33a9c
Score

10^/10

metasploit backdoor trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoortrojan

behavioral2

metasploitbackdoortrojan