metasploit | ab5f3bb2a4f3e1c6539e0f153941a5c5f0722dd2dc8ef591436e549bbc0a266c | Triage

Sharing

General

Target

ab5f3bb2a4f3e1c6539e0f153941a5c5f0722dd2dc8ef591436e549bbc0a266c
Size

389KB
Sample

221130-3pg8nafb45
MD5

02984b3ec95b117aa39b5a46df1cea45
SHA1

a3bcefb6e9ab7796b1bf6249f253b9557ba956d6
SHA256

ab5f3bb2a4f3e1c6539e0f153941a5c5f0722dd2dc8ef591436e549bbc0a266c
SHA512

a84be4ca42fe9c19b2514ffb776967de11995a8c28a62faccf0d3d7334575e7019cfffbd6ea5bdebac49b9e66d408c25c4f83f948ca6020516c3094a48249f97
SSDEEP

6144:uYht8wYFtzzzBKjA8wdd7vCDOFCfih6GUlXDu5Lw0y25I3UXwIa1dapr:uaYFt3zBqXY5CDwFcH9Dl9j3UXz6yr

Score

10^/10

metasploit backdoor trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  ab5f3bb2a4f3e1c6539e0f153941a5c5f0722dd2dc8ef591436e549bbc0a266c
- Size
  
  389KB
- MD5
  
  02984b3ec95b117aa39b5a46df1cea45
- SHA1
  
  a3bcefb6e9ab7796b1bf6249f253b9557ba956d6
- SHA256
  
  ab5f3bb2a4f3e1c6539e0f153941a5c5f0722dd2dc8ef591436e549bbc0a266c
- SHA512
  
  a84be4ca42fe9c19b2514ffb776967de11995a8c28a62faccf0d3d7334575e7019cfffbd6ea5bdebac49b9e66d408c25c4f83f948ca6020516c3094a48249f97
- SSDEEP
  
  6144:uYht8wYFtzzzBKjA8wdd7vCDOFCfih6GUlXDu5Lw0y25I3UXwIa1dapr:uaYFt3zBqXY5CDwFcH9Dl9j3UXz6yr
Score

10^/10

metasploit backdoor trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

metasploitbackdoortrojan

behavioral2