metasploit | 5258590e6f6f1f45932bf67227f458c6c162c85003a5cad340773a73338251ab | Triage

Sharing

General

Target

putty_7z.7z
Size

646KB
Sample

240926-f2kg8azdpj
MD5

f8989c38aefb09879b06889a2813e329
SHA1

fba85b8c8bfa229aecd6d12bfb9d9293573e8b80
SHA256

5258590e6f6f1f45932bf67227f458c6c162c85003a5cad340773a73338251ab
SHA512

b71d0d023446e3ead523ed5ecfe3af145c059d332371b52d53dbd1c4cb0a5cc1f5babd02ad29b96a34a064d9bb7265420bf02d1f99dbb7b1e8c3d79f5677ab50
SSDEEP

12288:vbjhXeGvD/bHzbvEbMQAH2sQL1FSdY4gs0WKDq85k3MJJQUnZ5JncyjM:DjJJv7jslACLmd/TKDq8mcJXHM

Score

10^/10

metasploit backdoor discovery execution trojan

Malware Config

Extracted

Family

metasploit

Version

windows/single_exec

Targets

- Target
  
  putty.exe
- Size
  
  1.5MB
- MD5
  
  334a10500feb0f3444bf2e86ab2e76da
- SHA1
  
  c6a97b63fbd970984b95ae79a2b2aef5749ee463
- SHA256
  
  0c82e654c09c8fd9fdf4899718efa37670974c9eec5a8fc18a167f93cea6ee83
- SHA512
  
  9c85eff62ef12564f02735c58b64c581da7107cd250829ce88cc569c5def675d76da3b538a4a394aa2747c375fe683d629e552c3c279d35d6db8484467a530de
- SSDEEP
  
  24576:913gJnNiQQSA7Ph8NKvKUWq8U5EDvLJPjraFLR5ROWgNcEDvLJPjraFLR5ROx:9WjrHKvKUYPjrkp7gRjrkpO
Score

10^/10

metasploit backdoor discovery execution trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoveryexecutiontrojan

behavioral2

metasploitbackdoordiscoveryexecutiontrojan