metasploit | 25aae09e0b4117e7f5ab81b54d8800e029e55253a089e74002f2e00934ccb945 | Triage

Sharing

General

Target

25aae09e0b4117e7f5ab81b54d8800e029e55253a089e74002f2e00934ccb945
Size

143KB
Sample

220611-w1pcsabdck
MD5

88ae0425866fbbdd68c640cdaac784b7
SHA1

a375d487c7c199afe7aba81c8b57727354d54265
SHA256

25aae09e0b4117e7f5ab81b54d8800e029e55253a089e74002f2e00934ccb945
SHA512

ceb59b6bf7b41de9378d6c1ec0c4b59d150c10641364c0ca21a6338e8fe4df49d48db9f9b54c730a4f56fb6509205c9455d8bd5f7f3a0bdf9300fb8be59a2a24

Score

10^/10

metasploit backdoor bootkit persistence trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Targets

- Target
  
  25aae09e0b4117e7f5ab81b54d8800e029e55253a089e74002f2e00934ccb945
- Size
  
  143KB
- MD5
  
  88ae0425866fbbdd68c640cdaac784b7
- SHA1
  
  a375d487c7c199afe7aba81c8b57727354d54265
- SHA256
  
  25aae09e0b4117e7f5ab81b54d8800e029e55253a089e74002f2e00934ccb945
- SHA512
  
  ceb59b6bf7b41de9378d6c1ec0c4b59d150c10641364c0ca21a6338e8fe4df49d48db9f9b54c730a4f56fb6509205c9455d8bd5f7f3a0bdf9300fb8be59a2a24
Score

10^/10

metasploit backdoor bootkit persistence trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

metasploitbackdoorbootkitpersistencetrojan

behavioral2

metasploitbackdoortrojan