metasploit | bf1d51d0010255cf65f472e4b694835f0b9535c2c60893793b3cbcb03cb5ccf9 | Triage

Sharing

General

Target

2024-03-28_f2a6edc074f432a36432fb4f6cce6f88_icedid
Size

6.3MB
Sample

240328-b2vkzacf9t
MD5

f2a6edc074f432a36432fb4f6cce6f88
SHA1

df9232bdfa7cd10bd399e41fb99ff6bf6d18583c
SHA256

bf1d51d0010255cf65f472e4b694835f0b9535c2c60893793b3cbcb03cb5ccf9
SHA512

763ba4ede0453180c4cc3a63ed41f29ebed5ce9f5e0743d5cf78eae83e40553b858dd6d0b882b0229a220f93efd271e17cb1c828cf58ad0c8fb6d9ce792a3a5c
SSDEEP

98304:5qJbc5xtz+kl/m5aifMc/PKkuExnaZ/l+7Y1rtJKCg8:UJk+y/m0ifVKkbaZ/l+7Y1rtECg8

Score

10^/10

metasploit backdoor discovery spyware stealer trojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

106.55.7.254:11112

Targets

- Target
  
  2024-03-28_f2a6edc074f432a36432fb4f6cce6f88_icedid
- Size
  
  6.3MB
- MD5
  
  f2a6edc074f432a36432fb4f6cce6f88
- SHA1
  
  df9232bdfa7cd10bd399e41fb99ff6bf6d18583c
- SHA256
  
  bf1d51d0010255cf65f472e4b694835f0b9535c2c60893793b3cbcb03cb5ccf9
- SHA512
  
  763ba4ede0453180c4cc3a63ed41f29ebed5ce9f5e0743d5cf78eae83e40553b858dd6d0b882b0229a220f93efd271e17cb1c828cf58ad0c8fb6d9ce792a3a5c
- SSDEEP
  
  98304:5qJbc5xtz+kl/m5aifMc/PKkuExnaZ/l+7Y1rtJKCg8:UJk+y/m0ifVKkbaZ/l+7Y1rtECg8
Score

10^/10

metasploit backdoor discovery spyware stealer trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoveryspywarestealertrojan

behavioral2

metasploitbackdoordiscoveryspywarestealertrojan