metasploit | 55b67cdd7e82e6b2d2e908c8ab51b3a88b2b6a9ad1e382980b3c792ab916a16e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

55b67cdd7e82e6b2d2e908c8ab51b3a88b2b6a9ad1e382980b3c792ab916a16e
Size

283KB
Sample

221204-mr94fsfb3z
MD5

0d08b2a95f7f799d263b28387e079710
SHA1

811c44dad6ec36198a1c5c237aeb5b610de1400d
SHA256

55b67cdd7e82e6b2d2e908c8ab51b3a88b2b6a9ad1e382980b3c792ab916a16e
SHA512

ba2f81b03349e07caa01b56ff71b57d3a446f10bbe0b22bc7846928367636cf8e2669beb8316b838b1117d7457c884a3deee6deeba2dfde3843566c47d52c21d
SSDEEP

6144:TWK8fc2liXmrLxcdRDLiH1vVRGVOhMp421/7YQ:6cvgLARDI1KIOzO

Score

10^/10

metasploit persistence

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

196.219.94.142:6666

Targets

- Target
  
  55b67cdd7e82e6b2d2e908c8ab51b3a88b2b6a9ad1e382980b3c792ab916a16e
- Size
  
  283KB
- MD5
  
  0d08b2a95f7f799d263b28387e079710
- SHA1
  
  811c44dad6ec36198a1c5c237aeb5b610de1400d
- SHA256
  
  55b67cdd7e82e6b2d2e908c8ab51b3a88b2b6a9ad1e382980b3c792ab916a16e
- SHA512
  
  ba2f81b03349e07caa01b56ff71b57d3a446f10bbe0b22bc7846928367636cf8e2669beb8316b838b1117d7457c884a3deee6deeba2dfde3843566c47d52c21d
- SSDEEP
  
  6144:TWK8fc2liXmrLxcdRDLiH1vVRGVOhMp421/7YQ:6cvgLARDI1KIOzO
Score

8^/10

persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2