metasploit | 621e36ba1d08069c547035634154f36f91bcb94a16b081101dc74c83f6be4606 | Triage

Sharing

General

Target

a1cf57d1b97d8d92f26e95864db53445.bat
Size

6KB
Sample

240924-fs53kaxckc
MD5

a1cf57d1b97d8d92f26e95864db53445
SHA1

c95736a6c6b861e535cdb5cd3e9ba16f423b41a7
SHA256

621e36ba1d08069c547035634154f36f91bcb94a16b081101dc74c83f6be4606
SHA512

4a0a266d8e8a767e732069fafce717397683d3c1122caabe9432af062edb415f83202e3245887fcdce84106e6d68518de4863643da7e89649a42d4f96955a9b1
SSDEEP

192:+n2jh1hqT2+jKQ3IV1/FoOdyCqxxIyQv2dHhW:+n2jh1hsJ/IryQhqKudHhW

Score

10^/10

metasploit backdoor discovery execution trojan

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

89.197.154.116:7810

Targets

- Target
  
  a1cf57d1b97d8d92f26e95864db53445.bat
- Size
  
  6KB
- MD5
  
  a1cf57d1b97d8d92f26e95864db53445
- SHA1
  
  c95736a6c6b861e535cdb5cd3e9ba16f423b41a7
- SHA256
  
  621e36ba1d08069c547035634154f36f91bcb94a16b081101dc74c83f6be4606
- SHA512
  
  4a0a266d8e8a767e732069fafce717397683d3c1122caabe9432af062edb415f83202e3245887fcdce84106e6d68518de4863643da7e89649a42d4f96955a9b1
- SSDEEP
  
  192:+n2jh1hqT2+jKQ3IV1/FoOdyCqxxIyQv2dHhW:+n2jh1hsJ/IryQhqKudHhW
Score

10^/10

metasploit backdoor discovery execution trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoveryexecutiontrojan

behavioral2

metasploitbackdoordiscoveryexecutiontrojan