metasploit | a01a676d674665bfc15a5f593b135957f0585e9d16919ab25ae2103912072f89

Analysis

max time kernel
146s
max time network
135s
platform
linux_amd64
resource
ubuntu1804-amd64-en-20211208
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-en-20211208kernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
06-05-2023 06:46

Target

pwer
Size

1KB
MD5

997c9f285c57a5e808cbfed36443d23d
SHA1

f73a6d5d17c51abbd47674e4ca2dcfb4aadf735b
SHA256

a01a676d674665bfc15a5f593b135957f0585e9d16919ab25ae2103912072f89
SHA512

97ee4563f73534b0db8be042e7da6709a418fc8b494ece05028310adc287f7f389a344f8cb2011e48686ae084057855aa8414baa841dd1bcb620f7c3ce99773b

Score

10^/10

Family

metasploit

Version

encoder/shikata_ga_nai

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

XMRig Miner payload 2 IoCs

miner

resource	yara_rule
behavioral1/files/fstream-3.dat	family_xmrig
behavioral1/files/fstream-3.dat	xmrig

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Attempts to identify hypervisor via CPU configuration 1 TTPs 1 IoCs

Checks CPU information for indicators that the system is a virtual machine.

Virtualization/Sandbox Evasion

description	ioc	Process
File opened for reading	/proc/cpuinfo	sshd

Creates/modifies Cron job 1 TTPs 5 IoCs

Cron allows running tasks on a schedule, and is commonly used for malware persistence.

Scheduled Task

description	ioc	Process
File opened for modification	/etc/crontab	sh
File opened for modification	/etc/crontab	sh
File opened for modification	/var/spool/cron/crontabs/tmp.EzSAWd	crontab
File opened for modification	/var/spool/cron/crontabs/tmp.xpz3Qo	crontab
File opened for modification	/var/spool/cron/crontabs/tmp.eNDH7k	crontab

Executes dropped EXE 9 IoCs