metasploit | 8a4e7ac4e6c3b89e955736a4784bef669c70fbc030eebb572b2573a3c46f07b8 | Triage

Sharing

General

Target

8a4e7ac4e6c3b89e955736a4784bef669c70fbc030eebb572b2573a3c46f07b8
Size

47KB
Sample

221124-2jyssagg2s
MD5

4f6c77276d65973d23474692c9863ce0
SHA1

4588cb41ae33b3595278a099a225768bcc6971f9
SHA256

8a4e7ac4e6c3b89e955736a4784bef669c70fbc030eebb572b2573a3c46f07b8
SHA512

d6760782a844c650976de70ab116f2def4c1b9379a9fdd3cbc77096f656cbe17709636fc2b444aa6e26f16f925526a3cffd4383ff7be6fde69198e081af14da4
SSDEEP

768:lGjimLtFSJqilHHppMP+hpm0urqJwMJAHEbz0NY+akLlU0+ofr8a55NC3+A3eG:YjigFSMilnvzhA0ukhJAHC0ckz+qr8+8

Score

10^/10

metasploit backdoor persistence trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  8a4e7ac4e6c3b89e955736a4784bef669c70fbc030eebb572b2573a3c46f07b8
- Size
  
  47KB
- MD5
  
  4f6c77276d65973d23474692c9863ce0
- SHA1
  
  4588cb41ae33b3595278a099a225768bcc6971f9
- SHA256
  
  8a4e7ac4e6c3b89e955736a4784bef669c70fbc030eebb572b2573a3c46f07b8
- SHA512
  
  d6760782a844c650976de70ab116f2def4c1b9379a9fdd3cbc77096f656cbe17709636fc2b444aa6e26f16f925526a3cffd4383ff7be6fde69198e081af14da4
- SSDEEP
  
  768:lGjimLtFSJqilHHppMP+hpm0urqJwMJAHEbz0NY+akLlU0+ofr8a55NC3+A3eG:YjigFSMilnvzhA0ukhJAHC0ckz+qr8+8
Score

10^/10

metasploit backdoor persistence trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoorpersistencetrojan

behavioral2

metasploitbackdoorpersistencetrojan