metasploit | 8e2740916af9e933ff2afe5ce158af4220798875e18c148fa2b96530af260933 | Triage

Sharing

General

Target

8e2740916af9e933ff2afe5ce158af4220798875e18c148fa2b96530af260933
Size

124KB
Sample

221203-aw6klsda3s
MD5

529fade9b912037e65c8765d35d4b066
SHA1

108edd33406cda07d8ee2a87df8d305159aa7a25
SHA256

8e2740916af9e933ff2afe5ce158af4220798875e18c148fa2b96530af260933
SHA512

1d7d1e006786a31a10b77a2634a480e35815dc8d18d34a0d3230fefed671d7a0a5377668d71fb44cca2a69ab0a344125b865122052ba56d8a1e45431c0189c17
SSDEEP

1536:khqSYtGeGemOBKu9eL5/4weWWzmrn14z7/zstv9ScRIMU/wAGrw1e5aRLW2/:7eVwweWUmr1S7/zw1R/UYAx1GYWO

Score

10^/10

metasploit backdoor persistence trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  8e2740916af9e933ff2afe5ce158af4220798875e18c148fa2b96530af260933
- Size
  
  124KB
- MD5
  
  529fade9b912037e65c8765d35d4b066
- SHA1
  
  108edd33406cda07d8ee2a87df8d305159aa7a25
- SHA256
  
  8e2740916af9e933ff2afe5ce158af4220798875e18c148fa2b96530af260933
- SHA512
  
  1d7d1e006786a31a10b77a2634a480e35815dc8d18d34a0d3230fefed671d7a0a5377668d71fb44cca2a69ab0a344125b865122052ba56d8a1e45431c0189c17
- SSDEEP
  
  1536:khqSYtGeGemOBKu9eL5/4weWWzmrn14z7/zstv9ScRIMU/wAGrw1e5aRLW2/:7eVwweWUmr1S7/zw1R/UYAx1GYWO
Score

10^/10

metasploit backdoor persistence trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

metasploitbackdoorpersistencetrojan

behavioral2

metasploitbackdoorpersistencetrojan