metasploit | 091c58193338146a6912a2195eda06a3a491bdf6bf9ed58bb70c0e761992d680 | Triage

Sharing

General

Target

091c58193338146a6912a2195eda06a3a491bdf6bf9ed58bb70c0e761992d680
Size

1019KB
Sample

221128-wp7d8aad4v
MD5

23e1926c6c38251b4cd90d4078e040e7
SHA1

b4b8a10819660a0e21cb9142cb0de1b5e0845630
SHA256

091c58193338146a6912a2195eda06a3a491bdf6bf9ed58bb70c0e761992d680
SHA512

e2855adcf8d31ffda241c291603d863d139161be918ede6552ec4bebf5a8f5242c6a609c05dfef8464538ff839ac523ac1aa0963f504533ca8c887ccfce2d260
SSDEEP

24576:kxF40pkW1j5LyylNoJSpCi4p96Mu21Y6fuW+lSSZc:yF4s1joeoJSciMjv/fxGS/

Score

10^/10

metasploit backdoor trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Targets

- Target
  
  091c58193338146a6912a2195eda06a3a491bdf6bf9ed58bb70c0e761992d680
- Size
  
  1019KB
- MD5
  
  23e1926c6c38251b4cd90d4078e040e7
- SHA1
  
  b4b8a10819660a0e21cb9142cb0de1b5e0845630
- SHA256
  
  091c58193338146a6912a2195eda06a3a491bdf6bf9ed58bb70c0e761992d680
- SHA512
  
  e2855adcf8d31ffda241c291603d863d139161be918ede6552ec4bebf5a8f5242c6a609c05dfef8464538ff839ac523ac1aa0963f504533ca8c887ccfce2d260
- SSDEEP
  
  24576:kxF40pkW1j5LyylNoJSpCi4p96Mu21Y6fuW+lSSZc:yF4s1joeoJSciMjv/fxGS/
Score

10^/10

metasploit backdoor trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

metasploitbackdoortrojan

behavioral2