metasploit | a07444d7955d03e97f1643050cca78054035d2edd4a7d59e4ffb700b2be3f991 | Triage

Sharing

General

Target

p.ps1
Size

3KB
Sample

240520-ns7kdsac71
MD5

de0a2d4a5b8f316d6587a30da16063e2
SHA1

2c908516a15a6ffbb6668d111465a564cf97a608
SHA256

a07444d7955d03e97f1643050cca78054035d2edd4a7d59e4ffb700b2be3f991
SHA512

065287eab4fff87a1c91152d261cd7865bae933cf1565514653c5b57b5bf5e8c8dfd78b189f0c339976ee3e90a2713f587b1d524e4d4f798057f746dc6413980

Score

10^/10

metasploit execution

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://154.8.204.157:19001/DUoT

Targets

- Target
  
  p.ps1
- Size
  
  3KB
- MD5
  
  de0a2d4a5b8f316d6587a30da16063e2
- SHA1
  
  2c908516a15a6ffbb6668d111465a564cf97a608
- SHA256
  
  a07444d7955d03e97f1643050cca78054035d2edd4a7d59e4ffb700b2be3f991
- SHA512
  
  065287eab4fff87a1c91152d261cd7865bae933cf1565514653c5b57b5bf5e8c8dfd78b189f0c339976ee3e90a2713f587b1d524e4d4f798057f746dc6413980
Score

8^/10

execution
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2