metasploit | 92a439c2c5d3bb748830980a81137bfdde5dd0c4ff4d09fd32f969d613011f2c | Triage

Sharing

General

Target

cs1.zip
Size

550KB
Sample

240601-v5vvpahg91
MD5

e3c79cb1d84fad2b567cac851e216d67
SHA1

6576861ca202d6d3dcffdcf2048c7a7621abcd4d
SHA256

92a439c2c5d3bb748830980a81137bfdde5dd0c4ff4d09fd32f969d613011f2c
SHA512

427e8a247bc8d163a8ef4c9d126249232bb15fb100a2c91f7ba7bd6c25d29cd7e4819a368472f17c84a800d4d0c32cd351a32b18fa4474e7428426f9b6af5210
SSDEEP

12288:tykY9ZIKzEIM3er8W4KVGZOcXzN6zNsmZsjYdG5+gco2GZw1Zd:E87IM3SY4Gg6zEzh1O+gcCw1X

Score

10^/10

metasploit backdoor execution linux trojan upx

Malware Config

Extracted

Family

metasploit

Version

windows/exec

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://web.danger.mal/danger

Extracted

Family

metasploit

Version

windows/reverse_tcp_dns

C2

web.danger.net:5555

Targets

- Target
  
  sample1.exe_
- Size
  
  83KB
- MD5
  
  dec37e4b834cf3a9a78475fec06255db
- SHA1
  
  bc6a9f3dd99e40dfe34ba8c64401027a3d86d2bc
- SHA256
  
  075a8576bb2f75bf56cfa8c88727011ac66f176ca5abe2a78978c556577e5058
- SHA512
  
  8402a9206285014fe6ab3752433835a7f907406d2c5fb23204a567d3f9940c844578ee525c64b6a67d81bf0983e7d3972fb2380d822cc9fd08eec098749d4a77
- SSDEEP
  
  1536:Icus7AQXjNta73Jah9UFBD3JMb+KR0Nc8QsJq3Gnq3+/q3DlHq3/:lAYhta7ouJe0Nc8QsCzDDm/
Score

10^/10

metasploit backdoor execution trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
behavioral1 behavioral2
- Target
  
  sample2.exe_
- Size
  
  510KB
- MD5
  
  6fdc5264c5c71742999be0c978690b49
- SHA1
  
  c925627be4ea4c1b993023e7ab55133b0b87b449
- SHA256
  
  31bf9b187a5c929081a271966eaf6c97a7eabfd27198520016dad9a47be50fb8
- SHA512
  
  cd36f373d339be5a7fe9a558cb78ef1edf4c3834ac4e1f21c94bedd08a3763b0d6f7018485a231fbe2f5394c84c92f61c36cb4b0200238a4d943a227becb2ca1
- SSDEEP
  
  12288:OHIefBR4nHxRDUW5MgDyM1eNpd1NvYF9vAijxl83004uzwWS:WIefBo6czynfXk9vACl830ZuY
Score

3^/10
behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Account Manipulation

Privilege Escalation

Account Manipulation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoorexecutiontrojan

behavioral2

metasploitbackdoorexecutiontrojan

behavioral3