metasploit | 1a61e7b52cc39a37bb997f6597561033175d7a1faebb1f2950f7b27871bcd90f | Triage

Sharing

General

Target

1a61e7b52cc39a37bb997f6597561033175d7a1faebb1f2950f7b27871bcd90f
Size

100KB
Sample

221003-en8gfsggbp
MD5

616658ffdd71c9ab26b92c1d0dfda280
SHA1

14d6bd599389266014944598f02aee79c5bb9883
SHA256

1a61e7b52cc39a37bb997f6597561033175d7a1faebb1f2950f7b27871bcd90f
SHA512

491c87ba5acc43962816c96042e91f6d982e7af009e45478a5bc22fd18cdfee9e122a359589e96f1c6d3952fde592160a78ab9b80ae2f7f9d62216e8f32852d1
SSDEEP

3072:u0X1bTqY88wQXMlCUe0Nc8QsCaTJIPZhvv:bX1Pq7w0Nc8QsAZ

Score

10^/10

metasploit backdoor evasion trojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

192.168.111.128:4444

Targets

- Target
  
  1a61e7b52cc39a37bb997f6597561033175d7a1faebb1f2950f7b27871bcd90f
- Size
  
  100KB
- MD5
  
  616658ffdd71c9ab26b92c1d0dfda280
- SHA1
  
  14d6bd599389266014944598f02aee79c5bb9883
- SHA256
  
  1a61e7b52cc39a37bb997f6597561033175d7a1faebb1f2950f7b27871bcd90f
- SHA512
  
  491c87ba5acc43962816c96042e91f6d982e7af009e45478a5bc22fd18cdfee9e122a359589e96f1c6d3952fde592160a78ab9b80ae2f7f9d62216e8f32852d1
- SSDEEP
  
  3072:u0X1bTqY88wQXMlCUe0Nc8QsCaTJIPZhvv:bX1Pq7w0Nc8QsAZ
Score

10^/10

metasploit backdoor trojan evasion
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Modifies firewall policy service
  evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoortrojan

behavioral2

metasploitbackdoorevasiontrojan