metasploit | 6717c8b65513d5ff550d6346c06c33eff732de8543f79bd25ab583f38033f517 | Triage

Sharing

General

Target

6717c8b65513d5ff550d6346c06c33eff732de8543f79bd25ab583f38033f517
Size

118KB
Sample

240527-24dy4sdd91
MD5

e656536f9ea974740acbe4a763b8a8fe
SHA1

ea8f2d6a56b330470c41602386fc350cfdce4278
SHA256

6717c8b65513d5ff550d6346c06c33eff732de8543f79bd25ab583f38033f517
SHA512

27d370402c843223c15f5b73e73e586e264460f432213b0ea6bc665306ab3e80c5a2851dc5ce48862bb3f8f3a1ea44d9254b7f7f5c081b60d4cf8b2472efe019
SSDEEP

1536:1jke9WIvVkcjVZx0A2gbwgObwf9PZWtv9oph/kSbIJwenruENm/3G4GhYo1dim:1Ie9WIv5RZHMiDour9m

Score

10^/10

metasploit backdoor execution trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

192.168.180.129:1111

Targets

- Target
  
  6717c8b65513d5ff550d6346c06c33eff732de8543f79bd25ab583f38033f517
- Size
  
  118KB
- MD5
  
  e656536f9ea974740acbe4a763b8a8fe
- SHA1
  
  ea8f2d6a56b330470c41602386fc350cfdce4278
- SHA256
  
  6717c8b65513d5ff550d6346c06c33eff732de8543f79bd25ab583f38033f517
- SHA512
  
  27d370402c843223c15f5b73e73e586e264460f432213b0ea6bc665306ab3e80c5a2851dc5ce48862bb3f8f3a1ea44d9254b7f7f5c081b60d4cf8b2472efe019
- SSDEEP
  
  1536:1jke9WIvVkcjVZx0A2gbwgObwf9PZWtv9oph/kSbIJwenruENm/3G4GhYo1dim:1Ie9WIv5RZHMiDour9m
Score

10^/10

metasploit backdoor execution trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoorexecutiontrojan

behavioral2

metasploitbackdoorexecutiontrojan