metasploit | 2935f78883b74b4f8758fdf0e7b1d49dc5e114189d595ab60040e25e2587ff90 | Triage

Sharing

General

Target

trigger.vbs
Size

7KB
Sample

240606-xl65qaad5t
MD5

2026d6fcbafcfd77ebbe047864943156
SHA1

3e5cc28548561728bddd8e6ba33fd799259499b6
SHA256

2935f78883b74b4f8758fdf0e7b1d49dc5e114189d595ab60040e25e2587ff90
SHA512

6bb81ab5beff055c46e74a00e1df042c074e7207cc62846771d5df2eae216edd4c1929f5a7087f8a28d8914cd598f8dc2fff68420385c31f8bfa4233438f3123
SSDEEP

96:l/7/l5e8T+CY0PvBjfpi1nXBFX7g6h6zyCkVU3Ngih00HM4v0GRvMIDucTSNd1:57/lNzVKHGyCkVC08/vMIruNd1

Score

10^/10

metasploit backdoor trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

109.93.203.238:443

Targets

- Target
  
  trigger.vbs
- Size
  
  7KB
- MD5
  
  2026d6fcbafcfd77ebbe047864943156
- SHA1
  
  3e5cc28548561728bddd8e6ba33fd799259499b6
- SHA256
  
  2935f78883b74b4f8758fdf0e7b1d49dc5e114189d595ab60040e25e2587ff90
- SHA512
  
  6bb81ab5beff055c46e74a00e1df042c074e7207cc62846771d5df2eae216edd4c1929f5a7087f8a28d8914cd598f8dc2fff68420385c31f8bfa4233438f3123
- SSDEEP
  
  96:l/7/l5e8T+CY0PvBjfpi1nXBFX7g6h6zyCkVU3Ngih00HM4v0GRvMIDucTSNd1:57/lNzVKHGyCkVC08/vMIruNd1
Score

10^/10

metasploit backdoor trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Executes dropped EXE
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

metasploitbackdoortrojan