metasploit | cc82a28b5143e3343cccd5e1bef91464e321fdafebd4638a3e76d7fd565a3866 | Triage

Sharing

General

Target

ftyy6.exe
Size

112KB
Sample

240923-y7kz2szekj
MD5

12d8ab57264221d75ad61ad4c44ca0a9
SHA1

d34170576d85ad51102d99ec2ce80777952910cf
SHA256

cc82a28b5143e3343cccd5e1bef91464e321fdafebd4638a3e76d7fd565a3866
SHA512

9ceedfeae8871524f55b9d2c3184814840ac328ecfd9e310fb213cc47e7ab460fcc37b6bcf2290856791158acfbf740bb224b29f0ae79a52f14ab9c9949b10b5
SSDEEP

3072:omQub/u/E9NdbpPRz92lQBV+UdE+rECWp7hK8:DDWkfBV+UdvrEFp7hK8

Score

10^/10

metasploit backdoor discovery evasion trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  ftyy6.exe
- Size
  
  112KB
- MD5
  
  12d8ab57264221d75ad61ad4c44ca0a9
- SHA1
  
  d34170576d85ad51102d99ec2ce80777952910cf
- SHA256
  
  cc82a28b5143e3343cccd5e1bef91464e321fdafebd4638a3e76d7fd565a3866
- SHA512
  
  9ceedfeae8871524f55b9d2c3184814840ac328ecfd9e310fb213cc47e7ab460fcc37b6bcf2290856791158acfbf740bb224b29f0ae79a52f14ab9c9949b10b5
- SSDEEP
  
  3072:omQub/u/E9NdbpPRz92lQBV+UdE+rECWp7hK8:DDWkfBV+UdvrEFp7hK8
Score

10^/10

metasploit backdoor discovery evasion trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Drops file in Drivers directory
- Deletes itself
- Executes dropped EXE
- Network Share Discovery
  Attempt to gather information on host network.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Network Share Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoveryevasiontrojan

behavioral2

metasploitbackdoordiscoveryevasiontrojan