metasploit | 431ad473a3cbb1711c8d7ff70fae74dcbe5df84991bbe8b112096a967e5ba8dc | Triage

Sharing

General

Target

431ad473a3cbb1711c8d7ff70fae74dcbe5df84991bbe8b112096a967e5ba8dc
Size

37KB
Sample

220707-3zaxbsbce9
MD5

fec69b033c89a800966467bb52a7d6ab
SHA1

8823b35777fd7470fd7e789c4005151e9622610a
SHA256

431ad473a3cbb1711c8d7ff70fae74dcbe5df84991bbe8b112096a967e5ba8dc
SHA512

707bb6a06f5e469db3893c164a9077eb1c0748ef7186c6bbdf35e5a664a465a7d5b87eea698fdc94fd3d4483e8d2cb96b1a637dfdbd3e5b0e923fb999e07319b

Score

10^/10

metasploit backdoor persistence suricata trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  431ad473a3cbb1711c8d7ff70fae74dcbe5df84991bbe8b112096a967e5ba8dc
- Size
  
  37KB
- MD5
  
  fec69b033c89a800966467bb52a7d6ab
- SHA1
  
  8823b35777fd7470fd7e789c4005151e9622610a
- SHA256
  
  431ad473a3cbb1711c8d7ff70fae74dcbe5df84991bbe8b112096a967e5ba8dc
- SHA512
  
  707bb6a06f5e469db3893c164a9077eb1c0748ef7186c6bbdf35e5a664a465a7d5b87eea698fdc94fd3d4483e8d2cb96b1a637dfdbd3e5b0e923fb999e07319b
Score

10^/10

metasploit backdoor persistence suricata trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- suricata: ET MALWARE DNS Reply Sinkhole - Microsoft - 199.2.137.0/24
  suricata: ET MALWARE DNS Reply Sinkhole - Microsoft - 199.2.137.0/24
  suricata
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

metasploitbackdoorpersistencesuricatatrojan

behavioral2

metasploitbackdoorpersistencesuricatatrojan