metasploit | 31ce0d989e9f3e077c9bfc6860aed53986e32826b383cdaa4122780d7c04f808 | Triage

Sharing

General

Target

31ce0d989e9f3e077c9bfc6860aed53986e32826b383cdaa4122780d7c04f808
Size

142KB
Sample

220620-wg8mbaghbl
MD5

b7920415a12a7db60121cecf1682c1bd
SHA1

d2c4bc48ae40d0479020bc91f8135d14d0deca57
SHA256

31ce0d989e9f3e077c9bfc6860aed53986e32826b383cdaa4122780d7c04f808
SHA512

1a8930fc137a61decef7a2e3df3e6b477309278a6dae5b14b83d565873456d9987a57613bfa0c3a7a6bc05341207a376b0ffce344cf29db12f3aa385f6635de1

Score

10^/10

metasploit backdoor bootkit persistence trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Targets

- Target
  
  31ce0d989e9f3e077c9bfc6860aed53986e32826b383cdaa4122780d7c04f808
- Size
  
  142KB
- MD5
  
  b7920415a12a7db60121cecf1682c1bd
- SHA1
  
  d2c4bc48ae40d0479020bc91f8135d14d0deca57
- SHA256
  
  31ce0d989e9f3e077c9bfc6860aed53986e32826b383cdaa4122780d7c04f808
- SHA512
  
  1a8930fc137a61decef7a2e3df3e6b477309278a6dae5b14b83d565873456d9987a57613bfa0c3a7a6bc05341207a376b0ffce344cf29db12f3aa385f6635de1
Score

10^/10

metasploit backdoor bootkit persistence trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

metasploitbackdoorbootkitpersistencetrojan

behavioral2

metasploitbackdoortrojan