metasploit | 9688f68fdce40e34f18156a1f3ce894b863ae8ea80c516b9ba92799bf1533e42 | Triage

Sharing

General

Target

38.exe
Size

23KB
Sample

230614-lql5kaff37
MD5

0066fb1a86e5848ca5e043e252b3a040
SHA1

cc39431161e86a93362f335ab39e6ca5f0a238b7
SHA256

9688f68fdce40e34f18156a1f3ce894b863ae8ea80c516b9ba92799bf1533e42
SHA512

a101a538af759bd14203745e26ee98d2023ebb7039d5dec9068f75119ed1dba0f6b1758ab94e0c18899def479188789347ebbf8c14d19675697fdd47d13dce3c
SSDEEP

384:QCCdmp4rCmTRmGJCfjnlfXGXaX7zycBFCiaVVdITODeSzWxCisRtZRFjq8DrVC3C:QCCyMR3JCrGccd1eYPv7Znjb0Gt

Score

10^/10

metasploit backdoor trojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

91.240.118.207:8080

Targets

- Target
  
  38.exe
- Size
  
  23KB
- MD5
  
  0066fb1a86e5848ca5e043e252b3a040
- SHA1
  
  cc39431161e86a93362f335ab39e6ca5f0a238b7
- SHA256
  
  9688f68fdce40e34f18156a1f3ce894b863ae8ea80c516b9ba92799bf1533e42
- SHA512
  
  a101a538af759bd14203745e26ee98d2023ebb7039d5dec9068f75119ed1dba0f6b1758ab94e0c18899def479188789347ebbf8c14d19675697fdd47d13dce3c
- SSDEEP
  
  384:QCCdmp4rCmTRmGJCfjnlfXGXaX7zycBFCiaVVdITODeSzWxCisRtZRFjq8DrVC3C:QCCyMR3JCrGccd1eYPv7Znjb0Gt
Score

10^/10

metasploit backdoor trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoortrojan

behavioral2

metasploitbackdoortrojan