metasploit | c639c49c1fa2c581f4ebd065591f6800f9c0178ad8235768be9fe640d346d471 | Triage

Sharing

General

Target

c639c49c1fa2c581f4ebd065591f6800f9c0178ad8235768be9fe640d346d471.pdf
Size

58KB
Sample

240907-pd344atelj
MD5

3adde4fdff788093d385f22601c4488e
SHA1

2ec40ed80fc962ce51c7b3fbe2f9360ba806424f
SHA256

c639c49c1fa2c581f4ebd065591f6800f9c0178ad8235768be9fe640d346d471
SHA512

eeee1c886f4a366523284e47670dc179e95a1eaaed3738fd6e4f614beff178939abbeae04873906b2cb7fb57c48cd378880391dfe30f7893011464c80ee9dbae
SSDEEP

768:TLcuNY8Dgm5XgDzsW1D4DBei8bWcYYy1ZrgtDhDUs1Nt615YNl3HkhNFksBy8DuT:TLcUj5w0W1Dz1biLsSsN8ANuFdtd6

Score

10^/10

metasploit backdoor discovery javascript pdf trojan

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

10.0.2.15:443

Targets

- Target
  
  c639c49c1fa2c581f4ebd065591f6800f9c0178ad8235768be9fe640d346d471.pdf
- Size
  
  58KB
- MD5
  
  3adde4fdff788093d385f22601c4488e
- SHA1
  
  2ec40ed80fc962ce51c7b3fbe2f9360ba806424f
- SHA256
  
  c639c49c1fa2c581f4ebd065591f6800f9c0178ad8235768be9fe640d346d471
- SHA512
  
  eeee1c886f4a366523284e47670dc179e95a1eaaed3738fd6e4f614beff178939abbeae04873906b2cb7fb57c48cd378880391dfe30f7893011464c80ee9dbae
- SSDEEP
  
  768:TLcuNY8Dgm5XgDzsW1D4DBei8bWcYYy1ZrgtDhDUs1Nt615YNl3HkhNFksBy8DuT:TLcUj5w0W1Dz1biLsSsN8ANuFdtd6
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  form.pdf
- Size
  
  72KB
- MD5
  
  081fc5f9ef8ccf9b362b48bc4d66a269
- SHA1
  
  aa5bd818fb2a5c9d3591658439524f40cd2cc706
- SHA256
  
  48c6949a16fef947addfb644d1345224e6e4cacc4ebef750be0f3f85f8bda733
- SHA512
  
  80bdf5e06c8443c72ec7fe9893f490869cbe67afc95aabe48300a8a4282999048a5f691936d194ff22e9e27f79778d04cddb4332f275659cfaa17a972fc2be96
- SSDEEP
  
  1536:IfRBtXw/veTxpxjBrxVXdR3t7IDB5Mb+KR0Nc8QsJq39:6avehNrtR3t45e0Nc8QsC9
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

pdfjavascriptmetasploit

behavioral1

metasploitbackdoordiscoverytrojan

behavioral2

behavioral3

metasploitbackdoordiscoverytrojan

behavioral4

metasploitbackdoordiscoverytrojan