metasploit | d43004481840ee2ca7e39afb958d048ce7f7713584aae02ac7eba016f66e5dd4 | Triage

Sharing

General

Target

d43004481840ee2ca7e39afb958d048ce7f7713584aae02ac7eba016f66e5dd4
Size

156KB
Sample

221201-g8xa2acd33
MD5

f6040b11fe6c5bf012e2f4b27b57b9d8
SHA1

d00c7ad3b152850a5e8686492ea948b32f281295
SHA256

d43004481840ee2ca7e39afb958d048ce7f7713584aae02ac7eba016f66e5dd4
SHA512

0bc42a7b30dcc46809cec48e19f85a260310f23750bbc0f8d5a57601f14e8560cb043db45a447aa8e2b3c1ac232b0aef1828c235c062b6241ad951cd8154358e
SSDEEP

1536:YRwqk/R98Tf8ts6uzPmWVyyqw3USKUV/f+yf1KLqsZTY:SkLG8tsdtK4myfcRT

Score

10^/10

metasploit backdoor persistence trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  d43004481840ee2ca7e39afb958d048ce7f7713584aae02ac7eba016f66e5dd4
- Size
  
  156KB
- MD5
  
  f6040b11fe6c5bf012e2f4b27b57b9d8
- SHA1
  
  d00c7ad3b152850a5e8686492ea948b32f281295
- SHA256
  
  d43004481840ee2ca7e39afb958d048ce7f7713584aae02ac7eba016f66e5dd4
- SHA512
  
  0bc42a7b30dcc46809cec48e19f85a260310f23750bbc0f8d5a57601f14e8560cb043db45a447aa8e2b3c1ac232b0aef1828c235c062b6241ad951cd8154358e
- SSDEEP
  
  1536:YRwqk/R98Tf8ts6uzPmWVyyqw3USKUV/f+yf1KLqsZTY:SkLG8tsdtK4myfcRT
Score

10^/10

metasploit backdoor persistence trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoorpersistencetrojan

behavioral2

metasploitbackdoorpersistencetrojan