metasploit

Resubmissions

24-04-2024 15:34

240424-sz7wysce91 1

24-04-2024 15:31

240424-sx1pvsce5v 10

24-04-2024 15:26

240424-svmp8acd7y 6

Sharing

Copy URL

Twitter E-mail

General

Target

http://blob:https://github.com/ebef803d-ff66-416b-b817-29077b40ed1c
Sample

240424-sx1pvsce5v

Score

10^/10

Malware Config

Extracted

Family

metasploit

Version

windows/single_exec

Targets

- Target
  
  http://blob:https://github.com/ebef803d-ff66-416b-b817-29077b40ed1c
Score

10^/10

metasploit backdoor bootkit evasion persistence ransomware trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Disables Task Manager via registry modification
  evasion
- Downloads MZ/PE file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Sets desktop wallpaper using registry
  ransomware
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Disables Task Manager via registry modification

Downloads MZ/PE file

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Writes to the Master Boot Record (MBR)

Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15

Tasks

static1

urlscan1

behavioral1