metasploit | ce3192be8f92aa45a3ae8ee8fcdc5d252c758d3b2f49205d6b0b9c10d9dabfde | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ce3192be8f92aa45a3ae8ee8fcdc5d252c758d3b2f49205d6b0b9c10d9dabfde
Size

81KB
Sample

221030-hwd5cshfcr
MD5

9303d8e8eb3c1de2a374e57183ddfe50
SHA1

9b13b3590ada17cc13b827ad8ea849744dfb9149
SHA256

ce3192be8f92aa45a3ae8ee8fcdc5d252c758d3b2f49205d6b0b9c10d9dabfde
SHA512

4766f1e7f6261931e7e31eebdcf87861f1c62b7131cb013848e0fe8caf794931af70ff9acec3ada5bf5cd4b160e2c1242ae17161014e7b0d848d2c95671d73d3
SSDEEP

1536:wYkOABadF/rhfKVIvCg1e+AmD8gh4tw0BRXiAYbSOHnT0kHh+frVBg:wXmF/rhfNCgM9mAhpRXZYdnI4SV+

Score

10^/10

metasploit backdoor trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Targets

- Target
  
  ce3192be8f92aa45a3ae8ee8fcdc5d252c758d3b2f49205d6b0b9c10d9dabfde
- Size
  
  81KB
- MD5
  
  9303d8e8eb3c1de2a374e57183ddfe50
- SHA1
  
  9b13b3590ada17cc13b827ad8ea849744dfb9149
- SHA256
  
  ce3192be8f92aa45a3ae8ee8fcdc5d252c758d3b2f49205d6b0b9c10d9dabfde
- SHA512
  
  4766f1e7f6261931e7e31eebdcf87861f1c62b7131cb013848e0fe8caf794931af70ff9acec3ada5bf5cd4b160e2c1242ae17161014e7b0d848d2c95671d73d3
- SSDEEP
  
  1536:wYkOABadF/rhfKVIvCg1e+AmD8gh4tw0BRXiAYbSOHnT0kHh+frVBg:wXmF/rhfNCgM9mAhpRXZYdnI4SV+
Score

10^/10

metasploit backdoor trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

metasploitbackdoortrojan

behavioral2

metasploitbackdoortrojan