metasploit | 4a959711034c61595815416f395941e167dfa6d26869414ca78512c7a1f1b0d9 | Triage

Sharing

General

Target

64.exe
Size

119KB
Sample

230817-v81kcabd54
MD5

fece896351e7f582e4992e9e595f4cf5
SHA1

9bb5820af40e2ea582c40610d9f14cc7f38faa1e
SHA256

4a959711034c61595815416f395941e167dfa6d26869414ca78512c7a1f1b0d9
SHA512

66d4f65abc4dfb8a8bbd112759275f4710187195f3644a0c6a556087aeaee249ad138e252494c18f90c8d1518b5f0385ade2904ce0f2c1f34101beb90d1e1d32
SSDEEP

1536:QTr1kERVfkP6Ttdt3NIEzK1I0ZPwZONcBsYvIch8RwW0IHAufngutNbyaxuO/Y9p:QvmEnSWdFNI1hRqORp4ujtm

Score

10^/10

metasploit backdoor trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

173.212.219.45:6006

Targets

- Target
  
  64.exe
- Size
  
  119KB
- MD5
  
  fece896351e7f582e4992e9e595f4cf5
- SHA1
  
  9bb5820af40e2ea582c40610d9f14cc7f38faa1e
- SHA256
  
  4a959711034c61595815416f395941e167dfa6d26869414ca78512c7a1f1b0d9
- SHA512
  
  66d4f65abc4dfb8a8bbd112759275f4710187195f3644a0c6a556087aeaee249ad138e252494c18f90c8d1518b5f0385ade2904ce0f2c1f34101beb90d1e1d32
- SSDEEP
  
  1536:QTr1kERVfkP6Ttdt3NIEzK1I0ZPwZONcBsYvIch8RwW0IHAufngutNbyaxuO/Y9p:QvmEnSWdFNI1hRqORp4ujtm
Score

10^/10

metasploit backdoor trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoortrojan

behavioral2

metasploitbackdoortrojan