metasploit | bc275e53bb36047b5cb68b40ac6b5a9e170599b39f0c4ea4bb781dce3fa20461 | Triage

Sharing

General

Target

bc275e53bb36047b5cb68b40ac6b5a9e170599b39f0c4ea4bb781dce3fa20461
Size

401KB
Sample

240418-hjlzfadh26
MD5

afcd5cc03a3f1ad37809812677874828
SHA1

bd2f9c861440b5b050a9bb7cf1b7785d2bc4bbac
SHA256

bc275e53bb36047b5cb68b40ac6b5a9e170599b39f0c4ea4bb781dce3fa20461
SHA512

924e0d9e9b8cee9b0250fca5e3074419b253d7332b23e71920377eaf38f7e4578086303acaf141fee428f6370d0c3dc2b6380da8a0877534625877afcf8043fe
SSDEEP

12288:uubsNSOetfARQAPyGU2X+tZ/iU5rhd4Ws0H1o:uubsnafAPyjt/iKrJ9H1o

Score

10^/10

metasploit backdoor trojan

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

192.168.72.128:1234

192.168.72.128:1111

Targets

- Target
  
  bc275e53bb36047b5cb68b40ac6b5a9e170599b39f0c4ea4bb781dce3fa20461
- Size
  
  401KB
- MD5
  
  afcd5cc03a3f1ad37809812677874828
- SHA1
  
  bd2f9c861440b5b050a9bb7cf1b7785d2bc4bbac
- SHA256
  
  bc275e53bb36047b5cb68b40ac6b5a9e170599b39f0c4ea4bb781dce3fa20461
- SHA512
  
  924e0d9e9b8cee9b0250fca5e3074419b253d7332b23e71920377eaf38f7e4578086303acaf141fee428f6370d0c3dc2b6380da8a0877534625877afcf8043fe
- SSDEEP
  
  12288:uubsNSOetfARQAPyGU2X+tZ/iU5rhd4Ws0H1o:uubsnafAPyjt/iKrJ9H1o
Score

10^/10

metasploit backdoor trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoortrojan

behavioral2

metasploitbackdoortrojan