metasploit | 44b65f19cc2ad9f897269fb9b02b9266718e9bd911e67ca0fb48b638d3627a6c | Triage

Resubmissions

06-07-2023 13:09

230706-qd2fyabd26 10

05-07-2023 21:56

230705-1thnwaga69 10

Sharing

General

Target

script.vbs
Size

221B
Sample

230705-1thnwaga69
MD5

d97066e13423d249fdceadb62db460e0
SHA1

a66e46efa956d7f6925d61fcc4115da0100813f5
SHA256

44b65f19cc2ad9f897269fb9b02b9266718e9bd911e67ca0fb48b638d3627a6c
SHA512

3c236d7360e7054899d8b0986dc78df27fe2b830d1452740019ab23e2f4ab0e599b4663bf66fdceddb0c3b911b32e16191d61e2807911750322066b79b522083

Score

10^/10

metasploit backdoor trojan

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://94.131.108.208:8000/fetcher

Extracted

Family

metasploit

Version

metasploit_stager

C2

94.131.108.208:8443

Targets

- Target
  
  script.vbs
- Size
  
  221B
- MD5
  
  d97066e13423d249fdceadb62db460e0
- SHA1
  
  a66e46efa956d7f6925d61fcc4115da0100813f5
- SHA256
  
  44b65f19cc2ad9f897269fb9b02b9266718e9bd911e67ca0fb48b638d3627a6c
- SHA512
  
  3c236d7360e7054899d8b0986dc78df27fe2b830d1452740019ab23e2f4ab0e599b4663bf66fdceddb0c3b911b32e16191d61e2807911750322066b79b522083
Score

10^/10

metasploit backdoor trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoortrojan

behavioral2

metasploitbackdoortrojan