metasploit | 17b3d6656dd5a00b260a918ea01843d9eacd99edafb7e7709082aa526d69c796 | Triage

Sharing

General

Target

17b3d6656dd5a00b260a918ea01843d9eacd99edafb7e7709082aa526d69c796
Size

124KB
Sample

220724-yg5a1aedaj
MD5

156064a8746202f13f6b1c2a7404272a
SHA1

48e7636fc4ea0e3170a5de5d979961adfec8f612
SHA256

17b3d6656dd5a00b260a918ea01843d9eacd99edafb7e7709082aa526d69c796
SHA512

0947e62030e5ab32dcc1c87d47f3d4244722139f7d7948f9410bcf0ed545906fa1ec31563a4bb5fdc5329ce0962a97fc336631ef9d5bf397a75352033a6bf21f

Score

10^/10

metasploit backdoor trojan

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

158.69.130.136:8443

Targets

- Target
  
  17b3d6656dd5a00b260a918ea01843d9eacd99edafb7e7709082aa526d69c796
- Size
  
  124KB
- MD5
  
  156064a8746202f13f6b1c2a7404272a
- SHA1
  
  48e7636fc4ea0e3170a5de5d979961adfec8f612
- SHA256
  
  17b3d6656dd5a00b260a918ea01843d9eacd99edafb7e7709082aa526d69c796
- SHA512
  
  0947e62030e5ab32dcc1c87d47f3d4244722139f7d7948f9410bcf0ed545906fa1ec31563a4bb5fdc5329ce0962a97fc336631ef9d5bf397a75352033a6bf21f
Score

10^/10

metasploit backdoor trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Executes dropped EXE
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoortrojan

behavioral2

metasploitbackdoortrojan