metasploit | 30cb4b61563bd49db7d74d18c532ed48409cebf9d8c827b24363537c14cdd124 | Triage

Sharing

General

Target

1df2404b219f379389a6297cfb1d53fa
Size

149KB
Sample

231225-pjq2qacdf7
MD5

1df2404b219f379389a6297cfb1d53fa
SHA1

d7847a487795efd429428012a935c447e75b4040
SHA256

30cb4b61563bd49db7d74d18c532ed48409cebf9d8c827b24363537c14cdd124
SHA512

3bb8f84885777f04a1081614f0f9dfced8b97389406b908abf581b062b588872ab012fdddbb7d41e2ce690f91ee3f6d713f4047af56f35d3d7584f4619cd6dfd
SSDEEP

3072:eliUPXC8k1nJrX+fNTBf7iAT2Rc2Y7zBTLwYQbOSD12VgF:ezBkLL2NTBTiYCc2YfBISSD12V

Score

10^/10

metasploit backdoor trojan

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_winhttp

C2

https://103.129.196.29:23351/uhxeugBw/4pV-7FpcH2Huc-9yjo632Q2HkuwXDsb3zHxqqkPeP003czr_e

Targets

- Target
  
  1df2404b219f379389a6297cfb1d53fa
- Size
  
  149KB
- MD5
  
  1df2404b219f379389a6297cfb1d53fa
- SHA1
  
  d7847a487795efd429428012a935c447e75b4040
- SHA256
  
  30cb4b61563bd49db7d74d18c532ed48409cebf9d8c827b24363537c14cdd124
- SHA512
  
  3bb8f84885777f04a1081614f0f9dfced8b97389406b908abf581b062b588872ab012fdddbb7d41e2ce690f91ee3f6d713f4047af56f35d3d7584f4619cd6dfd
- SSDEEP
  
  3072:eliUPXC8k1nJrX+fNTBf7iAT2Rc2Y7zBTLwYQbOSD12VgF:ezBkLL2NTBTiYCc2YfBISSD12V
Score

10^/10

metasploit backdoor trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoortrojan

behavioral2

metasploitbackdoortrojan