metasploit | b71a19618582e3820d4c6f184180eca70e097fbd4b35bae3615e99651d97d9e2 | Triage

Sharing

General

Target

tmp
Size

128KB
Sample

230819-xst4qsdc91
MD5

2b5c5ac56b819bd05ab3151efc814303
SHA1

9e4cb9c54e4243998d6c9c1916ac147741c21382
SHA256

b71a19618582e3820d4c6f184180eca70e097fbd4b35bae3615e99651d97d9e2
SHA512

543129bb5543460735a1b12e7b828532bf95277a24e6be5cb1675c0281bb65913f7c51b6e4bf3f162ea11f044bfd0239c51c74d80747c595b392eaf8023419e5
SSDEEP

1536:ju2Jqy4AutHymEUGwFBP3Dp7+MO11U3NsVGlJ:Rqy4AutHLVUBsRlJ

Score

10^/10

metasploit backdoor trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/reverse_http

C2

http://vms.h4ck0ps.cc:8181/lLCGJlVNxPkoOSk4TOsBzgZtRiWWm

Targets

- Target
  
  tmp
- Size
  
  128KB
- MD5
  
  2b5c5ac56b819bd05ab3151efc814303
- SHA1
  
  9e4cb9c54e4243998d6c9c1916ac147741c21382
- SHA256
  
  b71a19618582e3820d4c6f184180eca70e097fbd4b35bae3615e99651d97d9e2
- SHA512
  
  543129bb5543460735a1b12e7b828532bf95277a24e6be5cb1675c0281bb65913f7c51b6e4bf3f162ea11f044bfd0239c51c74d80747c595b392eaf8023419e5
- SSDEEP
  
  1536:ju2Jqy4AutHymEUGwFBP3Dp7+MO11U3NsVGlJ:Rqy4AutHLVUBsRlJ
Score

10^/10

metasploit backdoor trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoortrojan

behavioral2

metasploitbackdoortrojan