metasploit | 6dda275ed375bba58173eab8e31dd2e21ba46a3fb2ab646ae533c2e6655653e6 | Triage

Sharing

General

Target

d303872896bc0524074ff29e542fd680_NEIKI
Size

17KB
Sample

240508-e95mpadg88
MD5

d303872896bc0524074ff29e542fd680
SHA1

001d039589a1fd1138c70b5412b4765aca4e6687
SHA256

6dda275ed375bba58173eab8e31dd2e21ba46a3fb2ab646ae533c2e6655653e6
SHA512

c4d0856a850dc074fad51692694647129efd7b1494e41919767019402a4471fc69fdcc7d4a6afdd67d7666c60eb935a9157817cc7db3611bb78dfafe8856015b
SSDEEP

384:YIEEoLO56ayzcMj+j+XocZSBphpGaaK/YgJwqV3EwmczGnfTJCxk:ME8O56lcVj+XT6gAYgJwMccSfTJCxk

Score

10^/10

metasploit backdoor execution trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

10.0.2.15:4040

Targets

- Target
  
  d303872896bc0524074ff29e542fd680_NEIKI
- Size
  
  17KB
- MD5
  
  d303872896bc0524074ff29e542fd680
- SHA1
  
  001d039589a1fd1138c70b5412b4765aca4e6687
- SHA256
  
  6dda275ed375bba58173eab8e31dd2e21ba46a3fb2ab646ae533c2e6655653e6
- SHA512
  
  c4d0856a850dc074fad51692694647129efd7b1494e41919767019402a4471fc69fdcc7d4a6afdd67d7666c60eb935a9157817cc7db3611bb78dfafe8856015b
- SSDEEP
  
  384:YIEEoLO56ayzcMj+j+XocZSBphpGaaK/YgJwqV3EwmczGnfTJCxk:ME8O56lcVj+XT6gAYgJwMccSfTJCxk
Score

10^/10

metasploit backdoor execution trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoorexecutiontrojan

behavioral2

metasploitbackdoorexecutiontrojan