metasploit | fbb44c5cc51bc4660c5ba48b12bcaef9b7b7c1296498e6b17fe8c0c12f60855f | Triage

Sharing

General

Target

a.bat
Size

7KB
Sample

240522-nx1mmsec6x
MD5

f3df25231a46629a2bf284b163c214f4
SHA1

11b6996ef719e34e70e008e51e51df238573ddb8
SHA256

fbb44c5cc51bc4660c5ba48b12bcaef9b7b7c1296498e6b17fe8c0c12f60855f
SHA512

bfa174b72a6454f163c9bc72da135f48c0ec8c741ba57017f8782bc63843f7f290f61e607d65afee297a3a7504138a26d8ef7ef91eeaa432369a3346257647bd
SSDEEP

192:/MHXvXhjyhhWSn6wF4XyBa95dXfaYOTPJ:/cXhjyhkSrF4XyBa95hBWPJ

Score

10^/10

metasploit backdoor execution trojan

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

45.63.99.50:4444

Targets

- Target
  
  a.bat
- Size
  
  7KB
- MD5
  
  f3df25231a46629a2bf284b163c214f4
- SHA1
  
  11b6996ef719e34e70e008e51e51df238573ddb8
- SHA256
  
  fbb44c5cc51bc4660c5ba48b12bcaef9b7b7c1296498e6b17fe8c0c12f60855f
- SHA512
  
  bfa174b72a6454f163c9bc72da135f48c0ec8c741ba57017f8782bc63843f7f290f61e607d65afee297a3a7504138a26d8ef7ef91eeaa432369a3346257647bd
- SSDEEP
  
  192:/MHXvXhjyhhWSn6wF4XyBa95dXfaYOTPJ:/cXhjyhkSrF4XyBa95hBWPJ
Score

10^/10

metasploit backdoor execution trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

metasploitbackdoorexecutiontrojan

behavioral2