metasploit | c320649e31a5029799a5fd4f915344c3c900184545bae26811d9f9e7c803dfe3 | Triage

Sharing

General

Target

c320649e31a5029799a5fd4f915344c3c900184545bae26811d9f9e7c803dfe3
Size

1.1MB
Sample

221107-thk7asfae5
MD5

0dd1b11900bce8cf01e877e97348d59e
SHA1

bc48a059a72ada65f10e0660d0f6b50fa6c392da
SHA256

c320649e31a5029799a5fd4f915344c3c900184545bae26811d9f9e7c803dfe3
SHA512

89a50fb10270e36ef930988a78adc32254b5e411ff26c6d97dcc11466bc658ac203a9dd398aed0eca0659c128b7417893be96c3bbf1cfaafee713eeeecbcfaa7
SSDEEP

1536:QejIoZm4+RRyokYMMHYirCX7QTW3j/VFVi/MV2CJMfd:QejIoZJdorMM5rm7CW3j/j4SA

Score

10^/10

metasploit backdoor persistence trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  c320649e31a5029799a5fd4f915344c3c900184545bae26811d9f9e7c803dfe3
- Size
  
  1.1MB
- MD5
  
  0dd1b11900bce8cf01e877e97348d59e
- SHA1
  
  bc48a059a72ada65f10e0660d0f6b50fa6c392da
- SHA256
  
  c320649e31a5029799a5fd4f915344c3c900184545bae26811d9f9e7c803dfe3
- SHA512
  
  89a50fb10270e36ef930988a78adc32254b5e411ff26c6d97dcc11466bc658ac203a9dd398aed0eca0659c128b7417893be96c3bbf1cfaafee713eeeecbcfaa7
- SSDEEP
  
  1536:QejIoZm4+RRyokYMMHYirCX7QTW3j/VFVi/MV2CJMfd:QejIoZJdorMM5rm7CW3j/j4SA
Score

10^/10

metasploit backdoor persistence trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoorpersistencetrojan

behavioral2

metasploitbackdoorpersistencetrojan