metasploit | 1138c002a361e5d7b6d39a02956689f3714864a27ae70a7064f8871204a47ed2 | Triage

Sharing

General

Target

1138c002a361e5d7b6d39a02956689f3714864a27ae70a7064f8871204a47ed2
Size

738KB
Sample

220604-jpz9pahhdp
MD5

e933c74427cf653ac6e4cf3d0dd89b94
SHA1

585b3e89b1e16b58497112ee5c7c75c9b601777d
SHA256

1138c002a361e5d7b6d39a02956689f3714864a27ae70a7064f8871204a47ed2
SHA512

952db528eaa6b1e88cd086062f66583c85d70b98a184d8ae26130f2b4be70db42b5a476b447078ddef174f7af9ee040edab8acef03310ff4e3a8426a89669dab

Score

10^/10

metasploit backdoor evasion trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  1138c002a361e5d7b6d39a02956689f3714864a27ae70a7064f8871204a47ed2
- Size
  
  738KB
- MD5
  
  e933c74427cf653ac6e4cf3d0dd89b94
- SHA1
  
  585b3e89b1e16b58497112ee5c7c75c9b601777d
- SHA256
  
  1138c002a361e5d7b6d39a02956689f3714864a27ae70a7064f8871204a47ed2
- SHA512
  
  952db528eaa6b1e88cd086062f66583c85d70b98a184d8ae26130f2b4be70db42b5a476b447078ddef174f7af9ee040edab8acef03310ff4e3a8426a89669dab
Score

10^/10

metasploit backdoor evasion trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Drops file in Drivers directory
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

metasploitbackdoorevasiontrojan

behavioral2