metasploit | 97103a38ca96751430190a2c14bda371fa1753b6ac8c904c3783b151fbafadab | Triage

Resubmissions

13-07-2024 05:39

240713-gchg1azfpf 10

13-07-2024 05:35

240713-f98vsaxgjq 10

01-03-2024 08:56

240301-kv1m3seg2v 10

Sharing

General

Target

HradewMM.posh.ps1
Size

3KB
Sample

240713-f98vsaxgjq
MD5

475971ebaaa5e66900e78a2b14ccdb84
SHA1

2fd5abc165b3cfac4da62573aeed0761fbaf45b9
SHA256

97103a38ca96751430190a2c14bda371fa1753b6ac8c904c3783b151fbafadab
SHA512

c7ccc56e43be8f3eb920fff5697b9d29c5a0c03f1a93a45b05724e4cf96f37a8faa273379fe635b4544250f8d99730996094ab9c073312294fd465ae8cbe0371

Score

10^/10

metasploit backdoor execution trojan

Malware Config

Extracted

Family

metasploit

Version

metasploit_stager

C2

18.176.183.3:19517

Targets

- Target
  
  HradewMM.posh.ps1
- Size
  
  3KB
- MD5
  
  475971ebaaa5e66900e78a2b14ccdb84
- SHA1
  
  2fd5abc165b3cfac4da62573aeed0761fbaf45b9
- SHA256
  
  97103a38ca96751430190a2c14bda371fa1753b6ac8c904c3783b151fbafadab
- SHA512
  
  c7ccc56e43be8f3eb920fff5697b9d29c5a0c03f1a93a45b05724e4cf96f37a8faa273379fe635b4544250f8d99730996094ab9c073312294fd465ae8cbe0371
Score

10^/10

metasploit backdoor execution trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Blocklisted process makes network request
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoorexecutiontrojan