metasploit | 62c2cc068a664f5357ec867d83ff772c55cb8426f7ce7bf2636957bbd449b36f | Triage

Sharing

General

Target

3df80296b4ab0962ac6611792ccbd07f
Size

1.2MB
Sample

240101-1qjrrsdgg4
MD5

3df80296b4ab0962ac6611792ccbd07f
SHA1

16122e7c3fcb9f78237873277e015981cdcce3c7
SHA256

62c2cc068a664f5357ec867d83ff772c55cb8426f7ce7bf2636957bbd449b36f
SHA512

045e740df67bf820e25979a153d0f04ff1f15a08c52668e0fe5f4aa01d238fe534dab56a43f88a24e060ce9ad4ea18d96133812d6db20a8dccf50d99de86ba5c
SSDEEP

3072:SjyCCyz8K7mI0X1sawfXSh7q/ZwEKYSP+HMpC42mPZud/OMLZCdkRc3EHgyj3:2yC99KvH5Vq/tKvwXnOMLZCpC

Score

10^/10

metasploit backdoor evasion trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Targets

- Target
  
  3df80296b4ab0962ac6611792ccbd07f
- Size
  
  1.2MB
- MD5
  
  3df80296b4ab0962ac6611792ccbd07f
- SHA1
  
  16122e7c3fcb9f78237873277e015981cdcce3c7
- SHA256
  
  62c2cc068a664f5357ec867d83ff772c55cb8426f7ce7bf2636957bbd449b36f
- SHA512
  
  045e740df67bf820e25979a153d0f04ff1f15a08c52668e0fe5f4aa01d238fe534dab56a43f88a24e060ce9ad4ea18d96133812d6db20a8dccf50d99de86ba5c
- SSDEEP
  
  3072:SjyCCyz8K7mI0X1sawfXSh7q/ZwEKYSP+HMpC42mPZud/OMLZCdkRc3EHgyj3:2yC99KvH5Vq/tKvwXnOMLZCpC
Score

10^/10

metasploit backdoor evasion trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Modifies security service
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoorevasiontrojan

behavioral2

metasploitbackdoorevasiontrojan