metasploit | f930f4bdea093f91a1a7909b3111fedb2128785d4de4db22ec6762250938ef38 | Triage

Sharing

General

Target

rWFZor.vbs
Size

97KB
Sample

221107-cj4xcsehem
MD5

74bc268119c4dd4fe4bb715a542e56de
SHA1

a60b136d2a791497c910c7451e65ea99792e0051
SHA256

f930f4bdea093f91a1a7909b3111fedb2128785d4de4db22ec6762250938ef38
SHA512

a23b94359bb5e89f19fc1f386ee05d975f1ff023b0d2f21a17e4c4c9154dbafad36798e3e09a5c1b645f76293b808771d96c8ce6ca82eda0c13dc75f0940c6fe
SSDEEP

1536:QMstorIFW4SNenvvMcViSwmPkCXUl5E1DZhoeAWAhxnU4YNHmKNBKMwND:Q3oMp8eMYiUkUGhnYkKN+

Score

10^/10

metasploit backdoor trojan

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_http

C2

http://45.61.138.109:10441/ufYNlNeSkHpBekB7IhjpDwZph5jxVw08LQvaTApy_ueiWZSZQkQQQX_voTdk0sPj9

Targets

- Target
  
  rWFZor.vbs
- Size
  
  97KB
- MD5
  
  74bc268119c4dd4fe4bb715a542e56de
- SHA1
  
  a60b136d2a791497c910c7451e65ea99792e0051
- SHA256
  
  f930f4bdea093f91a1a7909b3111fedb2128785d4de4db22ec6762250938ef38
- SHA512
  
  a23b94359bb5e89f19fc1f386ee05d975f1ff023b0d2f21a17e4c4c9154dbafad36798e3e09a5c1b645f76293b808771d96c8ce6ca82eda0c13dc75f0940c6fe
- SSDEEP
  
  1536:QMstorIFW4SNenvvMcViSwmPkCXUl5E1DZhoeAWAhxnU4YNHmKNBKMwND:Q3oMp8eMYiUkUGhnYkKN+
Score

10^/10

metasploit backdoor trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoortrojan

behavioral2

metasploitbackdoortrojan