metasploit | 3361935bbe0f9d1d4fd2cd52d0dcf65e1800fab297abac7341e450b6d407e8d8 | Triage

Sharing

General

Target

3361935bbe0f9d1d4fd2cd52d0dcf65e1800fab297abac7341e450b6d407e8d8
Size

100KB
Sample

221121-sxh5tafe87
MD5

0a211a2cb79a221b59cd53fa159350d2
SHA1

9b34a62a248514dc64c1d91a0edb52fe29028a86
SHA256

3361935bbe0f9d1d4fd2cd52d0dcf65e1800fab297abac7341e450b6d407e8d8
SHA512

805c6c788a6cdac984278494c53e73c586f01902c9e1b5e5a5b89208ba9f710d378a97b861ba0ef19cebe3719cb93207792a9f495d23c91a15898339075859b0
SSDEEP

1536:25zsDNdr46AqK/b7xMdIi8stfIEtJxPKWgd8kNycHWf:+67K/b1Qf86xPk8kscHWf

Score

10^/10

metasploit backdoor persistence trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  3361935bbe0f9d1d4fd2cd52d0dcf65e1800fab297abac7341e450b6d407e8d8
- Size
  
  100KB
- MD5
  
  0a211a2cb79a221b59cd53fa159350d2
- SHA1
  
  9b34a62a248514dc64c1d91a0edb52fe29028a86
- SHA256
  
  3361935bbe0f9d1d4fd2cd52d0dcf65e1800fab297abac7341e450b6d407e8d8
- SHA512
  
  805c6c788a6cdac984278494c53e73c586f01902c9e1b5e5a5b89208ba9f710d378a97b861ba0ef19cebe3719cb93207792a9f495d23c91a15898339075859b0
- SSDEEP
  
  1536:25zsDNdr46AqK/b7xMdIi8stfIEtJxPKWgd8kNycHWf:+67K/b1Qf86xPk8kscHWf
Score

10^/10

metasploit backdoor persistence trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoorpersistencetrojan

behavioral2

metasploitbackdoorpersistencetrojan