metasploit

General

Target

12b88e4bbe28e4bbb0b942e811859bca
Size

174KB
Sample

231230-jrwz2seeem
MD5

12b88e4bbe28e4bbb0b942e811859bca
SHA1

18806215c8b0bc2479c27b5a3f3aa0f37f89e3c0
SHA256

6072b423b7d503a38eb0856de7c2e60610e656f2b77efead939d34393b1bd535
SHA512

72cb976e0af4e72844c39c2872116b633fa7d4d0313bd887f3acbdbe080ff5e2ca6b86851c11a20cde3a4490899430c515a6d8e53c627a5939e5d581fbc3cbae
SSDEEP

3072:q6zKqIoKEm4d15hQxBgJJMESIUQB5HJkDhHLfHGcu1o/ihj:7mEm4nQ0csHJktjnu1o/y

Score

10^/10

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  12b88e4bbe28e4bbb0b942e811859bca
- Size
  
  174KB
- MD5
  
  12b88e4bbe28e4bbb0b942e811859bca
- SHA1
  
  18806215c8b0bc2479c27b5a3f3aa0f37f89e3c0
- SHA256
  
  6072b423b7d503a38eb0856de7c2e60610e656f2b77efead939d34393b1bd535
- SHA512
  
  72cb976e0af4e72844c39c2872116b633fa7d4d0313bd887f3acbdbe080ff5e2ca6b86851c11a20cde3a4490899430c515a6d8e53c627a5939e5d581fbc3cbae
- SSDEEP
  
  3072:q6zKqIoKEm4d15hQxBgJJMESIUQB5HJkDhHLfHGcu1o/ihj:7mEm4nQ0csHJktjnu1o/y
Score

10^/10

metasploit backdoor trojan upx
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

3

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Checks computer location settings

UPX packed file

Maps connected drives based on registry

Drops file in System32 directory

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2