metasploit | 52d6a3c4fa56f1262d9c72fff59d3ce05b0844fb6ec63da498af06f9f2f86654 | Triage

Sharing

General

Target

52d6a3c4fa56f1262d9c72fff59d3ce05b0844fb6ec63da498af06f9f2f86654
Size

244KB
Sample

220717-b54ytaahg2
MD5

ef08c4b337a4aee8adabbd4d9197566f
SHA1

d6739a74ec4c85de2170b2d57ffe61cf3fffc6b7
SHA256

52d6a3c4fa56f1262d9c72fff59d3ce05b0844fb6ec63da498af06f9f2f86654
SHA512

875206f79b7bcffbf55f03a439bf71dff8c1d4bfb0efa6d8a92745c5777867599a5fb1e444ac9c077b76f83aab0f9b42d53c2a1232904299c8956a420a1fe113

Score

10^/10

metasploit backdoor persistence trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  52d6a3c4fa56f1262d9c72fff59d3ce05b0844fb6ec63da498af06f9f2f86654
- Size
  
  244KB
- MD5
  
  ef08c4b337a4aee8adabbd4d9197566f
- SHA1
  
  d6739a74ec4c85de2170b2d57ffe61cf3fffc6b7
- SHA256
  
  52d6a3c4fa56f1262d9c72fff59d3ce05b0844fb6ec63da498af06f9f2f86654
- SHA512
  
  875206f79b7bcffbf55f03a439bf71dff8c1d4bfb0efa6d8a92745c5777867599a5fb1e444ac9c077b76f83aab0f9b42d53c2a1232904299c8956a420a1fe113
Score

10^/10

metasploit backdoor persistence trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoorpersistencetrojan

behavioral2

metasploitbackdoorpersistencetrojan