metasploit | 7db40a37f34545a195973c341554cfb02ae0f105898e20eafb4dfb55f8a65a77 | Triage

Sharing

General

Target

reverse_tcp.ps1
Size

3KB
Sample

240530-e64k8afg34
MD5

657aaf2c8944a2ecece034897b805f2b
SHA1

904be1d83693515012d6ec0ed21d16e575c822f3
SHA256

7db40a37f34545a195973c341554cfb02ae0f105898e20eafb4dfb55f8a65a77
SHA512

16c3b2bfa1c8a9b6408be4a916bc28fb33d639f5bf56ed8dd703f16b80fcb014b479d9502cbe74b50183038d0ab8859ca8b2386c6cd628f2a5d9067325ead5f5

Score

10^/10

metasploit backdoor execution trojan

Malware Config

Extracted

Family

metasploit

Version

metasploit_stager

C2

1.14.247.162:40001

Targets

- Target
  
  reverse_tcp.ps1
- Size
  
  3KB
- MD5
  
  657aaf2c8944a2ecece034897b805f2b
- SHA1
  
  904be1d83693515012d6ec0ed21d16e575c822f3
- SHA256
  
  7db40a37f34545a195973c341554cfb02ae0f105898e20eafb4dfb55f8a65a77
- SHA512
  
  16c3b2bfa1c8a9b6408be4a916bc28fb33d639f5bf56ed8dd703f16b80fcb014b479d9502cbe74b50183038d0ab8859ca8b2386c6cd628f2a5d9067325ead5f5
Score

10^/10

metasploit backdoor execution trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoorexecutiontrojan

behavioral2

metasploitbackdoorexecutiontrojan