metasploit | 418541857fdbac27dcafb5f1be266ae9a5c35c3f69ea64e8af14e996c12a53cd | Triage

Submit
Reports

Overview

overview

Static

static

3

418541857f...cd.dll

windows10-2004-x64

Resubmissions

31-05-2024 11:24

240531-nhs91sgc32 10

30-05-2024 18:03

240530-wm2e7agh32 10

30-05-2024 17:29

240530-v2swxseh6y 10

Sharing

General

Target

418541857fdbac27dcafb5f1be266ae9a5c35c3f69ea64e8af14e996c12a53cd
Size

96KB
Sample

240530-wm2e7agh32
MD5

14b6593b7fccd7eb33e3abc23c1f362c
SHA1

750e811324238a582b4b76f929af593101a6d1de
SHA256

418541857fdbac27dcafb5f1be266ae9a5c35c3f69ea64e8af14e996c12a53cd
SHA512

b02fe19367e3b1bea50ddddc01739d5bde4c16503c6ee041d64c3dfb7e5378f2f9a20e463c03c49808746bcbc0704eced39fc064de3f6e1c8c06f7a6eb45cd9f
SSDEEP

1536:FFCLtN2pRudECjdZZ/goqj48n7yEYhUrD3QhpA7HdqZLSwPMUU+v8TJGim:rmtNcu6CBPoM87bMUD3sGu8+v8TJG

Score

10^/10

metasploit backdoor bootkit persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

418541857fdbac27dcafb5f1be266ae9a5c35c3f69ea64e8af14e996c12a53cd.dll

Resource

win10v2004-20240508-en

metasploit backdoor bootkit persistence trojan

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://5.149.253.238:443/jhGC

Targets

- Target
  
  418541857fdbac27dcafb5f1be266ae9a5c35c3f69ea64e8af14e996c12a53cd
- Size
  
  96KB
- MD5
  
  14b6593b7fccd7eb33e3abc23c1f362c
- SHA1
  
  750e811324238a582b4b76f929af593101a6d1de
- SHA256
  
  418541857fdbac27dcafb5f1be266ae9a5c35c3f69ea64e8af14e996c12a53cd
- SHA512
  
  b02fe19367e3b1bea50ddddc01739d5bde4c16503c6ee041d64c3dfb7e5378f2f9a20e463c03c49808746bcbc0704eced39fc064de3f6e1c8c06f7a6eb45cd9f
- SSDEEP
  
  1536:FFCLtN2pRudECjdZZ/goqj48n7yEYhUrD3QhpA7HdqZLSwPMUU+v8TJGim:rmtNcu6CBPoM87bMUD3sGu8+v8TJG
Score

10^/10

metasploit backdoor bootkit persistence trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

metasploitbackdoorbootkitpersistencetrojan

© 2018-2024

Terms | Privacy