metasploit | f3c45923d187a02ffac9469f65edcace142b0cefc85e9bd536900ea74a32e9e8 | Triage

Sharing

General

Target

f3c45923d187a02ffac9469f65edcace142b0cefc85e9bd536900ea74a32e9e8
Size

52KB
Sample

221206-yesjesbb5x
MD5

1fdd45c21dc7cf497867091f245e4a98
SHA1

98aa747bd12826b61272347b50c6af40ed9e0f4c
SHA256

f3c45923d187a02ffac9469f65edcace142b0cefc85e9bd536900ea74a32e9e8
SHA512

fcae80f6da193bfa533762708c6a1614c9b101050edcee9ff5ea39505e00aab954a283fd04d8068994d288e8086bfa1e8b108f4a3eb27694b6fe5d9c40d43e99
SSDEEP

768:RKMBElKgOTqFQ98bPQ0Q+nFLNvrZ+VafZr1vXX4JEmVuRQBDYIsz8X79T3v8PXIF:RuO+aSa0p1+UBdgQQB8J8X7hSYg2C8

Score

10^/10

metasploit backdoor persistence trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  f3c45923d187a02ffac9469f65edcace142b0cefc85e9bd536900ea74a32e9e8
- Size
  
  52KB
- MD5
  
  1fdd45c21dc7cf497867091f245e4a98
- SHA1
  
  98aa747bd12826b61272347b50c6af40ed9e0f4c
- SHA256
  
  f3c45923d187a02ffac9469f65edcace142b0cefc85e9bd536900ea74a32e9e8
- SHA512
  
  fcae80f6da193bfa533762708c6a1614c9b101050edcee9ff5ea39505e00aab954a283fd04d8068994d288e8086bfa1e8b108f4a3eb27694b6fe5d9c40d43e99
- SSDEEP
  
  768:RKMBElKgOTqFQ98bPQ0Q+nFLNvrZ+VafZr1vXX4JEmVuRQBDYIsz8X79T3v8PXIF:RuO+aSa0p1+UBdgQQB8J8X7hSYg2C8
Score

10^/10

metasploit backdoor persistence trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoorpersistencetrojan

behavioral2