metasploit | a87fb882e248d4091541cd355ed3227801d014d83051f610edf08ac0c7a964a1 | Triage

Sharing

General

Target

a87fb882e248d4091541cd355ed3227801d014d83051f610edf08ac0c7a964a1
Size

1.8MB
Sample

220625-lzjqsshgg8
MD5

d82cf866082b643af2e30bc6e2d2b5d5
SHA1

e4a416739bbde89e3fe7d613e6d421c282f2a22d
SHA256

a87fb882e248d4091541cd355ed3227801d014d83051f610edf08ac0c7a964a1
SHA512

b71ff0d14b59877dca3bf45a164b7d93a23e48520e055a1f7b25a021a257871633a5ec99182f65425b47f78b1e4020bd4d031299e4586ea22ba07e0c83339de4

Score

10^/10

metasploit backdoor evasion persistence trojan

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

193.37.213.221:56300

Targets

- Target
  
  a87fb882e248d4091541cd355ed3227801d014d83051f610edf08ac0c7a964a1
- Size
  
  1.8MB
- MD5
  
  d82cf866082b643af2e30bc6e2d2b5d5
- SHA1
  
  e4a416739bbde89e3fe7d613e6d421c282f2a22d
- SHA256
  
  a87fb882e248d4091541cd355ed3227801d014d83051f610edf08ac0c7a964a1
- SHA512
  
  b71ff0d14b59877dca3bf45a164b7d93a23e48520e055a1f7b25a021a257871633a5ec99182f65425b47f78b1e4020bd4d031299e4586ea22ba07e0c83339de4
Score

10^/10

metasploit backdoor evasion persistence trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Modifies visiblity of hidden/system files in Explorer
  evasion
- UAC bypass
  evasion trojan
- Blocks application from running via registry modification
  Adds application to list of disallowed applications.
  evasion
- Executes dropped EXE
- Stops running service(s)
  evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
- Modifies WinLogon
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Modify Existing Service

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Hidden Files and Directories

Impair Defenses

Modify Registry

Web Service

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

metasploitbackdoorevasionpersistencetrojan

behavioral2

metasploitbackdoorevasionpersistencetrojan