metasploit | 440483f6bcb2ff8dca2d44e715f72db314056ad7e90ccb48135ad5c9a8c0f578 | Triage

Sharing

General

Target

payload_x86.ps1
Size

3KB
Sample

240917-sycdnazhnk
MD5

194d1495881b3eb9703f20e7d48eaefd
SHA1

688fcec91893ad30ea12c116466436acce00ded4
SHA256

440483f6bcb2ff8dca2d44e715f72db314056ad7e90ccb48135ad5c9a8c0f578
SHA512

95655c3fdb248cd59b0e5d3789d283e602722a51c4692af6a9a025abcc9e2324697d3e8dde42724a637605fa6853c7e17f0d82e8e190fd57100066844a08fe1b

Score

10^/10

metasploit discovery execution

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://83.229.120.79:9991/a8Wl

Attributes

headers User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; FunWebProducts)

Targets

- Target
  
  payload_x86.ps1
- Size
  
  3KB
- MD5
  
  194d1495881b3eb9703f20e7d48eaefd
- SHA1
  
  688fcec91893ad30ea12c116466436acce00ded4
- SHA256
  
  440483f6bcb2ff8dca2d44e715f72db314056ad7e90ccb48135ad5c9a8c0f578
- SHA512
  
  95655c3fdb248cd59b0e5d3789d283e602722a51c4692af6a9a025abcc9e2324697d3e8dde42724a637605fa6853c7e17f0d82e8e190fd57100066844a08fe1b
Score

8^/10

discovery execution
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

discoveryexecution