Overview

overview

10

Static

static

10

reverse_tcp_uuid.ps1

windows7-x64

10

reverse_tcp_uuid.ps1

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    reverse_tcp_uuid.ps1

  • Size

    3KB

  • Sample

    240530-e64wzsfg37

  • MD5

    331d94d6f3ddc3ab72ccf77165e58f0e

  • SHA1

    9fc06743ddfd5e4cc8df66bfcaf33f468a64baea

  • SHA256

    3459b6d7c3a2185f77e9e5b6d295c01ec7ac7cc401cf52c1c99259f22d00f30f

  • SHA512

    ed65fc2f70a853b9d54527c5029816b8fd8906da2ebff12916b931644b4f704177a373e308f942938054b09a4001aa2324b0bd47360c7e3143f9d5a0054f0cfe

Score
10/10
metasploitbackdoorexecutiontrojan

Malware Config

Extracted

Family

metasploit

Version

metasploit_stager

C2

1.14.247.162:40001

Targets

    • Target

      reverse_tcp_uuid.ps1

    • Size

      3KB

    • MD5

      331d94d6f3ddc3ab72ccf77165e58f0e

    • SHA1

      9fc06743ddfd5e4cc8df66bfcaf33f468a64baea

    • SHA256

      3459b6d7c3a2185f77e9e5b6d295c01ec7ac7cc401cf52c1c99259f22d00f30f

    • SHA512

      ed65fc2f70a853b9d54527c5029816b8fd8906da2ebff12916b931644b4f704177a373e308f942938054b09a4001aa2324b0bd47360c7e3143f9d5a0054f0cfe

    Score
    10/10
    metasploitbackdoorexecutiontrojan

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

      trojanbackdoormetasploit

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks