metasploit | 28b3c2ac66ddf74d3fbab162ee8ee4292798db4f282ae3906b5bc413bf1bec65 | Triage

Sharing

General

Target

28b3c2ac66ddf74d3fbab162ee8ee4292798db4f282ae3906b5bc413bf1bec65
Size

1.8MB
Sample

240415-24pevaag33
MD5

045d008e61ddea0443409dfe8fa9dc5c
SHA1

e17a9fa44ccf90416ea51d6598ed3651ab806c4e
SHA256

28b3c2ac66ddf74d3fbab162ee8ee4292798db4f282ae3906b5bc413bf1bec65
SHA512

88f47c6a993929db0fdb88dc4e98db02d9214b161212f29e0bd7a4ef5e0c9bd6cc2219534b4a1273f1c724a176d1996cf4a8d466aba6b7965c7f9e15aca52a60
SSDEEP

24576:/3vLRdVhZBK8NogWYO09eOGi9JbBodjwC/hR:/3d5ZQ12xJ+

Score

10^/10

metasploit backdoor discovery spyware stealer trojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

1.15.12.73:4567

Targets

- Target
  
  28b3c2ac66ddf74d3fbab162ee8ee4292798db4f282ae3906b5bc413bf1bec65
- Size
  
  1.8MB
- MD5
  
  045d008e61ddea0443409dfe8fa9dc5c
- SHA1
  
  e17a9fa44ccf90416ea51d6598ed3651ab806c4e
- SHA256
  
  28b3c2ac66ddf74d3fbab162ee8ee4292798db4f282ae3906b5bc413bf1bec65
- SHA512
  
  88f47c6a993929db0fdb88dc4e98db02d9214b161212f29e0bd7a4ef5e0c9bd6cc2219534b4a1273f1c724a176d1996cf4a8d466aba6b7965c7f9e15aca52a60
- SSDEEP
  
  24576:/3vLRdVhZBK8NogWYO09eOGi9JbBodjwC/hR:/3d5ZQ12xJ+
Score

10^/10

metasploit backdoor discovery spyware stealer trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoveryspywarestealertrojan

behavioral2

metasploitbackdoordiscoveryspywarestealertrojan