metasploit | 096024b0cf6ebcbad059c030d43d76451c1a184a2c1f7680f3976718d198de31 | Triage

Sharing

General

Target

096024b0cf6ebcbad059c030d43d76451c1a184a2c1f7680f3976718d198de31
Size

4.0MB
Sample

240926-jp8aasydlh
MD5

73f86717725bdb7c72c04f47191f155b
SHA1

52baad3486c9b5e04aa4e07eeec8ff67c861d65b
SHA256

096024b0cf6ebcbad059c030d43d76451c1a184a2c1f7680f3976718d198de31
SHA512

e54c85a61e0a2d98ef0488690f4da23ec98cdb51dae4752982a28ff512f4dfe05a4c692e75d11ce0aaa9e4a1412d22562b527eaf0ea9d1f5c7ed43405ff83155
SSDEEP

49152:i1ZXtxDOmWP0pVfuFt37RW9/9pSTQSpItLc8a2n7s+TTCP0VXbpX5Sl35mjAYRGo:atxKmWMs3RW9o4P7hTbM

Score

10^/10

metasploit backdoor bootkit discovery persistence trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

192.168.5.9:6789

Targets

- Target
  
  096024b0cf6ebcbad059c030d43d76451c1a184a2c1f7680f3976718d198de31
- Size
  
  4.0MB
- MD5
  
  73f86717725bdb7c72c04f47191f155b
- SHA1
  
  52baad3486c9b5e04aa4e07eeec8ff67c861d65b
- SHA256
  
  096024b0cf6ebcbad059c030d43d76451c1a184a2c1f7680f3976718d198de31
- SHA512
  
  e54c85a61e0a2d98ef0488690f4da23ec98cdb51dae4752982a28ff512f4dfe05a4c692e75d11ce0aaa9e4a1412d22562b527eaf0ea9d1f5c7ed43405ff83155
- SSDEEP
  
  49152:i1ZXtxDOmWP0pVfuFt37RW9/9pSTQSpItLc8a2n7s+TTCP0VXbpX5Sl35mjAYRGo:atxKmWMs3RW9o4P7hTbM
Score

10^/10

metasploit backdoor discovery trojan bootkit persistence
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoverytrojan

behavioral2

metasploitbackdoorbootkitdiscoverypersistencetrojan