metasploit | 79a1d293787ec7364bd0749ee4bf817cadd49255ed82075b091d84cc6e005e1b | Triage

Sharing

General

Target

c.ps1
Size

949B
Sample

230721-v512psgc9z
MD5

3ddd346e351a6f8403679df34db1f5a2
SHA1

500e8abf1f075d06ef5a60648b9c866bfa816798
SHA256

79a1d293787ec7364bd0749ee4bf817cadd49255ed82075b091d84cc6e005e1b
SHA512

6e0d790ba5d55e9f43defd85a00581049d07f6d9037f18ba01663d0d2c64a51431ebe4c2566f349ba4b0f242342f1014d548ab027fb73191a67456c6fbd922e3

Score

10^/10

metasploit backdoor trojan

Malware Config

Extracted

Family

metasploit

Version

metasploit_stager

C2

45.153.241.2:999

Targets

- Target
  
  c.ps1
- Size
  
  949B
- MD5
  
  3ddd346e351a6f8403679df34db1f5a2
- SHA1
  
  500e8abf1f075d06ef5a60648b9c866bfa816798
- SHA256
  
  79a1d293787ec7364bd0749ee4bf817cadd49255ed82075b091d84cc6e005e1b
- SHA512
  
  6e0d790ba5d55e9f43defd85a00581049d07f6d9037f18ba01663d0d2c64a51431ebe4c2566f349ba4b0f242342f1014d548ab027fb73191a67456c6fbd922e3
Score

10^/10

metasploit backdoor trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Blocklisted process makes network request
- Downloads MZ/PE file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoortrojan

behavioral2

metasploitbackdoortrojan