metasploit | 112626c80723081de153623493adad8068d5b27497edf13dab5ed905bc3368e8 | Triage

Sharing

General

Target

112626c80723081de153623493adad8068d5b27497edf13dab5ed905bc3368e8
Size

48KB
Sample

220604-krn5wacagj
MD5

3a59d45ff99888ef3eda7595c10e295a
SHA1

2e41ca17e9549244d314fd287aeb159748d261f7
SHA256

112626c80723081de153623493adad8068d5b27497edf13dab5ed905bc3368e8
SHA512

890fb4cc5c73b84f52a2b3f1fc125200a5e1eee4aec39739814e923ad53f7c5397d0655a30a87d3b990482fae27930389d9663d9121e7b2008bd691ee8f18d92

Score

10^/10

metasploit backdoor persistence suricata trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  112626c80723081de153623493adad8068d5b27497edf13dab5ed905bc3368e8
- Size
  
  48KB
- MD5
  
  3a59d45ff99888ef3eda7595c10e295a
- SHA1
  
  2e41ca17e9549244d314fd287aeb159748d261f7
- SHA256
  
  112626c80723081de153623493adad8068d5b27497edf13dab5ed905bc3368e8
- SHA512
  
  890fb4cc5c73b84f52a2b3f1fc125200a5e1eee4aec39739814e923ad53f7c5397d0655a30a87d3b990482fae27930389d9663d9121e7b2008bd691ee8f18d92
Score

10^/10

metasploit backdoor persistence suricata trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- suricata: ET MALWARE DNS Reply Sinkhole - Microsoft - 199.2.137.0/24
  suricata: ET MALWARE DNS Reply Sinkhole - Microsoft - 199.2.137.0/24
  suricata
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

metasploitbackdoorpersistencesuricatatrojan

behavioral2

metasploitbackdoorpersistencesuricatatrojan