metasploit | 8aefc82492e161b8347318fae06807233482603e551b0be652e6659ed6f97f0e | Triage

Sharing

General

Target

96bf71ea4fb7cf8a58cbd80b1336936a
Size

157KB
Sample

240212-knwqjsah54
MD5

96bf71ea4fb7cf8a58cbd80b1336936a
SHA1

1de84e5e30841135612c982d2739eeae85a1b5db
SHA256

8aefc82492e161b8347318fae06807233482603e551b0be652e6659ed6f97f0e
SHA512

0ee51e76325b67afe6e502460b352b7d7ae70734041d9ad6f1ab117d151ddfea20d49cd049149bfc078ce8a544e5a102239b0636fd08f6b1197b736a484d4aff
SSDEEP

3072:uj+apctAZxvGi3GcY/kIPHDvsL4K40RQH/Z4/GQQxeeXfFeFYOdzt:uiokArpY/k+DUEIRQfZ4PmH9eFp1

Score

10^/10

metasploit backdoor persistence trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Targets

- Target
  
  96bf71ea4fb7cf8a58cbd80b1336936a
- Size
  
  157KB
- MD5
  
  96bf71ea4fb7cf8a58cbd80b1336936a
- SHA1
  
  1de84e5e30841135612c982d2739eeae85a1b5db
- SHA256
  
  8aefc82492e161b8347318fae06807233482603e551b0be652e6659ed6f97f0e
- SHA512
  
  0ee51e76325b67afe6e502460b352b7d7ae70734041d9ad6f1ab117d151ddfea20d49cd049149bfc078ce8a544e5a102239b0636fd08f6b1197b736a484d4aff
- SSDEEP
  
  3072:uj+apctAZxvGi3GcY/kIPHDvsL4K40RQH/Z4/GQQxeeXfFeFYOdzt:uiokArpY/k+DUEIRQfZ4PmH9eFp1
Score

10^/10

metasploit backdoor persistence trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoorpersistencetrojan

behavioral2

metasploitbackdoorpersistencetrojan