metasploit | 720f4aaaf0025efe267c870a293e418e964ebce84c8cd48173a90f35bfae2404 | Triage

Sharing

General

Target

525cdf884cc6249aed4349cb5f6ae90a
Size

52KB
Sample

240111-dkk2baecc7
MD5

525cdf884cc6249aed4349cb5f6ae90a
SHA1

40e73ef87d4a3c5c4ddbab4a08480e229ed072d5
SHA256

720f4aaaf0025efe267c870a293e418e964ebce84c8cd48173a90f35bfae2404
SHA512

dbec2bcfdf9b0509f42f37968a7fbe6da4bdd49820a7af3edfa605a6333a5237c19a03f142013163d951180676b09b43386ee806db2cff6b4d5888615201e38d
SSDEEP

768:qVjgo/y8uAX5OT6kwonP9iN5dpy6TlFDu6YDd3QAwgjpWfhwiYsOR:KpOTflnliN5dLDibdlwgQfhusOR

Score

10^/10

metasploit backdoor persistence trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  525cdf884cc6249aed4349cb5f6ae90a
- Size
  
  52KB
- MD5
  
  525cdf884cc6249aed4349cb5f6ae90a
- SHA1
  
  40e73ef87d4a3c5c4ddbab4a08480e229ed072d5
- SHA256
  
  720f4aaaf0025efe267c870a293e418e964ebce84c8cd48173a90f35bfae2404
- SHA512
  
  dbec2bcfdf9b0509f42f37968a7fbe6da4bdd49820a7af3edfa605a6333a5237c19a03f142013163d951180676b09b43386ee806db2cff6b4d5888615201e38d
- SSDEEP
  
  768:qVjgo/y8uAX5OT6kwonP9iN5dpy6TlFDu6YDd3QAwgjpWfhwiYsOR:KpOTflnliN5dLDibdlwgQfhusOR
Score

10^/10

metasploit backdoor persistence trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoorpersistencetrojan

behavioral2

metasploitbackdoorpersistencetrojan