metasploit | dccfb91b9ab67150d375f3d7689df09e4ecfcb41377dbc66a9ca3c7906ed865f | Triage

Sharing

General

Target

dccfb91b9ab67150d375f3d7689df09e4ecfcb41377dbc66a9ca3c7906ed865f
Size

48KB
Sample

221128-xjzb4ach4w
MD5

eafd2cd4c72ba08116448e8b6a8a04a8
SHA1

987ff876000f5898c07f629561e4796f6ee93a7e
SHA256

dccfb91b9ab67150d375f3d7689df09e4ecfcb41377dbc66a9ca3c7906ed865f
SHA512

9c1134b0231ba28afe5c167658dda9ce63ea50be6f06083ed7babb7cd2773f700d1ef4cb6eac77a7ad143e2cd78d9611d83fd82500a0caec478cf872414b13de
SSDEEP

1536:L+q5CwsHgfmvCw8/aUxV0Cdebt1zcFVlSDv:L+S1u7uBV0Oc9coD

Score

10^/10

metasploit backdoor persistence trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  dccfb91b9ab67150d375f3d7689df09e4ecfcb41377dbc66a9ca3c7906ed865f
- Size
  
  48KB
- MD5
  
  eafd2cd4c72ba08116448e8b6a8a04a8
- SHA1
  
  987ff876000f5898c07f629561e4796f6ee93a7e
- SHA256
  
  dccfb91b9ab67150d375f3d7689df09e4ecfcb41377dbc66a9ca3c7906ed865f
- SHA512
  
  9c1134b0231ba28afe5c167658dda9ce63ea50be6f06083ed7babb7cd2773f700d1ef4cb6eac77a7ad143e2cd78d9611d83fd82500a0caec478cf872414b13de
- SSDEEP
  
  1536:L+q5CwsHgfmvCw8/aUxV0Cdebt1zcFVlSDv:L+S1u7uBV0Oc9coD
Score

10^/10

metasploit backdoor persistence trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

metasploitbackdoorpersistencetrojan

behavioral2

metasploitbackdoorpersistencetrojan