metasploit | 2480ce678b0f1dadd044daeadd54b619ae0d85d338d8bb6ec088b90df33e6f9c | Triage

Sharing

General

Target

67c7e405ab3003e31c4a5b644018f533.vbs
Size

7KB
Sample

240922-vxg9ma1dkm
MD5

67c7e405ab3003e31c4a5b644018f533
SHA1

0fa769646f98dadacb56a1403fbfee7b093a00ad
SHA256

2480ce678b0f1dadd044daeadd54b619ae0d85d338d8bb6ec088b90df33e6f9c
SHA512

5a79fd9bc7fd609afaabba9ee7f6821c0cdc9a2573ee0f8b7479e922eb58473a8fed71d150084bb66a5b92e302ec7d33894c8a3b522fee1b120d279e9ba66fb2
SSDEEP

96:h4D2/N5eIpp/DWL6jFWt2fk2WL2DzGZy9DXW61GY4SXou:qD2/N1nqOhQL2dzTlXWwDZXou

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

89.197.154.116:7810

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Targets

- Target
  
  67c7e405ab3003e31c4a5b644018f533.vbs
- Size
  
  7KB
- MD5
  
  67c7e405ab3003e31c4a5b644018f533
- SHA1
  
  0fa769646f98dadacb56a1403fbfee7b093a00ad
- SHA256
  
  2480ce678b0f1dadd044daeadd54b619ae0d85d338d8bb6ec088b90df33e6f9c
- SHA512
  
  5a79fd9bc7fd609afaabba9ee7f6821c0cdc9a2573ee0f8b7479e922eb58473a8fed71d150084bb66a5b92e302ec7d33894c8a3b522fee1b120d279e9ba66fb2
- SSDEEP
  
  96:h4D2/N5eIpp/DWL6jFWt2fk2WL2DzGZy9DXW61GY4SXou:qD2/N1nqOhQL2dzTlXWwDZXou
Score

10^/10

metasploit backdoor trojan discovery
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoortrojan

behavioral2

metasploitbackdoordiscoverytrojan