metasploit | 249547e5e8753cb4514c6cc7528769c222c950779e7e347ea030fd9806b19cd1 | Triage

Sharing

General

Target

249547e5e8753cb4514c6cc7528769c222c950779e7e347ea030fd9806b19cd1
Size

80KB
Sample

220611-1q1ehshgdr
MD5

b19f93535507e9a4c81b5c24a36fe61e
SHA1

d3c70e2c4ee810c22ef228afcd854d897304093c
SHA256

249547e5e8753cb4514c6cc7528769c222c950779e7e347ea030fd9806b19cd1
SHA512

134f0c7beb8d954f106b81b58dcb6cbb01dcfb959ad213bc406cb6df25a136725b52b59e7dfe54d20254899cfaccdaecd8d888069f063b449567db83b9072425

Score

10^/10

metasploit backdoor persistence trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  249547e5e8753cb4514c6cc7528769c222c950779e7e347ea030fd9806b19cd1
- Size
  
  80KB
- MD5
  
  b19f93535507e9a4c81b5c24a36fe61e
- SHA1
  
  d3c70e2c4ee810c22ef228afcd854d897304093c
- SHA256
  
  249547e5e8753cb4514c6cc7528769c222c950779e7e347ea030fd9806b19cd1
- SHA512
  
  134f0c7beb8d954f106b81b58dcb6cbb01dcfb959ad213bc406cb6df25a136725b52b59e7dfe54d20254899cfaccdaecd8d888069f063b449567db83b9072425
Score

10^/10

metasploit backdoor persistence trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

metasploitbackdoorpersistencetrojan

behavioral2

metasploitbackdoorpersistencetrojan