metasploit

Sharing

Copy URL

Twitter E-mail

General

Target

5549893a7440486e13fa0b37deacfc52.bin
Size

23.0MB
Sample

241018-bp49ms1bkk
MD5

bb60720ffd03f527a7c27f270e796a15
SHA1

7f74ba8834aa70ca283acd1a4320e557f3da080d
SHA256

3af83b9fd6d44e79d3cb01decd565cec0fd5db872de3aec1831babd436fcb226
SHA512

08ead531b6a483de7ce789dfb8a2822174fbc1c9c38801a8b66fa81f7eacea801a8d757cee8d2b9040289ae89840c67ef5f137632319b53e0ad15bd463c6821e
SSDEEP

393216:BLy99oxL8dtKI/ACq74Czo7Eie7QRmlosysPNKUCgvjRVJoF8l6bcDAWC:BLypTmCqjzotV6nyGN379oFXyFC

Score

10^/10

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

89.204.90.65:4444

Targets

- Target
  
  testingflrplgpreg-main/DiscordSRV.jar
- Size
  
  9.8MB
- MD5
  
  1653da0d8ff485ed138bbf3f4c03aa2e
- SHA1
  
  f55005317a18ec583a64821cf310b91d8f475c15
- SHA256
  
  cc8ee0e5b4a053369095b810a527895ee1357b4f1a9e7c82d769eaf5e4699798
- SHA512
  
  d1e43715fbac2a83360057e4760a0e7e70bb26be5621a596ee3c95d718acfb801707e74f0ee1782dbb0f4877eab0159335a61c893dbcdd682752a868af33521f
- SSDEEP
  
  196608:8/NArCr09d+JSf2RwXEHMkVdG+Ih6zXsO8tEAMylrhKKUJK:ANAhUJtskS+IgXb8WwlrhxUs
Score

1^/10
behavioral1 behavioral2
- Target
  
  testingflrplgpreg-main/LuckPerms-Bukkit-5.4.102.jar
- Size
  
  1.4MB
- MD5
  
  d4643caba77ca5bb7d579b964dca06ec
- SHA1
  
  4581d81f6cc7966ddba3744d5f2ea4dd16c5760f
- SHA256
  
  9da9d097029759e4224bd8b560b5e333dd46eb8f9a73baa740f0367181f7c5bf
- SHA512
  
  bd5ee3c0dc40bec928dddf1ef4e3fe0e11d65d5052834346f9d7e1c12f53d9aac52130a0a54e2795f5e126684eac1cdd2ebb1e4c27a40505358e656aebd113c1
- SSDEEP
  
  24576:CJahQm+SvL0hsltXBFXhg455YKOBljwpC2VAThgD+0YNkTF1OavQJ:C0aO0stOBljeCEAThCxY6Savc
Score

1^/10
behavioral3 behavioral4
- Target
  
  testingflrplgpreg-main/LuckPerms-Bukkit-5.4.98.jar
- Size
  
  1.4MB
- MD5
  
  d4643caba77ca5bb7d579b964dca06ec
- SHA1
  
  4581d81f6cc7966ddba3744d5f2ea4dd16c5760f
- SHA256
  
  9da9d097029759e4224bd8b560b5e333dd46eb8f9a73baa740f0367181f7c5bf
- SHA512
  
  bd5ee3c0dc40bec928dddf1ef4e3fe0e11d65d5052834346f9d7e1c12f53d9aac52130a0a54e2795f5e126684eac1cdd2ebb1e4c27a40505358e656aebd113c1
- SSDEEP
  
  24576:CJahQm+SvL0hsltXBFXhg455YKOBljwpC2VAThgD+0YNkTF1OavQJ:C0aO0stOBljeCEAThCxY6Savc
Score

1^/10
behavioral5 behavioral6
- Target
  
  testingflrplgpreg-main/TAB v4.1.5.jar
- Size
  
  1.4MB
- MD5
  
  0f68c7cd0934fbdd99411e9a3822afb0
- SHA1
  
  ebdae7dc3d57f3b3bc958e9f90349314ef4e11af
- SHA256
  
  80f8cc397b8cd15a219d727707e0ea9ab930e543017bc9dcd1635f52c40d5968
- SHA512
  
  891ebf72e5360a801c9f38e475ca885d9c7ee881288a5c820734cf59326e0a31584e1e534134208c9289a787354f37f5d8cd3d5d0a69a61a8cd5cfa997342e5b
- SSDEEP
  
  24576:/Q6Yw76S80KxqEGiYj0lfr809cldSHCpUTK2bv3lPHf+j57FQKPeaKBr+VEIhY:/Qbw76hhYAlf409odSi633t/+PNKheZY
Score

1^/10
behavioral7 behavioral8
- Target
  
  testingflrplgpreg-main/Vault.jar
- Size
  
  336KB
- MD5
  
  7964a95b8434eed2e7a88a77e87b583c
- SHA1
  
  33b3d491c8786932ea68fa5f78f6c0a66e3750e3
- SHA256
  
  34b1037d34257d4d8198fb81c1f40c57cd4723c4df51304623621fc41e242124
- SHA512
  
  d0f71b7cc8d2ebbaa7ebd24e2de20a120f7dd94d928519faad758914bffc6220bfe497d36310ae09f0df50c2eb8097d7f573d6c9ab6ca50034537a03942a4b24
- SSDEEP
  
  6144:Fn9nV6ioIgjPWGaWmTH99+jAlVKyyH949+bqYfrRbD6sj9MKDop51:Fn9UiAP/a/4QnyHw+bqYtqsj9MAoh
Score

1^/10
behavioral10 behavioral9
- Target
  
  testingflrplgpreg-main/baks-zapret.exe
- Size
  
  1.3MB
- MD5
  
  2cbf4b1ef30e6156b41f78cff4040287
- SHA1
  
  6e1968746690e6a4189c9c3a30168654445701c8
- SHA256
  
  7f40eaffe324e40a3d39b6d960c010be914243de7b05554716ed9c4900bb188c
- SHA512
  
  3ba5c15bccabaa740044664a98b0e27cebe95c3df2ce3a14a70d8929c3dfe27f9c01e6e66647cacf9b9f30f36ca4bfe8d1cad6a97601ab413f79c9be771878e1
- SSDEEP
  
  24576:l1eTCF7g2E9sb/uxNTMgyz+BcLDbPkACQjh/ZGx:eTU2Mgyz+BcnbPkcU
Score

8^/10

execution upx
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral11 behavioral12
- Target
  
  testingflrplgpreg-main/connector1.exe
- Size
  
  72KB
- MD5
  
  32282cfa34ebd3aa220bb196c683a46e
- SHA1
  
  4299a9a8e97a6ad330c1e0e2cc3368834a40f0cb
- SHA256
  
  3c3ce0355bfa42b379830b93a76cffd32fceed54e6b549ae4a1132ca30b392ff
- SHA512
  
  b567f434a313d270a53945a75d3303db179964faabde22786b37e8399b03d2ab664f11d03f93f5e22ea1aa8b38b1481fcdd302e688c5c1e9c3f1e3516ceebfb4
- SSDEEP
  
  1536:ISobLjmZ0irkrNHsFOjzPkA+2QMb+KR0Nc8QsJq39:uHKZ1eVzskQe0Nc8QsC9
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
behavioral13 behavioral14
- Target
  
  testingflrplgpreg-main/plug/voidaddons.jar
- Size
  
  1.3MB
- MD5
  
  3b0460c7eb57cabbf52d0bac3bd498f2
- SHA1
  
  abccdcd3337325bf5c701b94df492ab617f20d8c
- SHA256
  
  dc5f1fa8189d167e9e67ce84c86fcd83d18b136c4ceeecf3220a57b545f8b60a
- SHA512
  
  ad3d542550f7099b2ee733c1d1cb2cf61a801aa554615c7dbdd7aa25c2b9ecd5ff062d1a70544b09735bfed0010d94e17bb46803ced8a8c6c453d1ea2787ce4f
- SSDEEP
  
  24576:/IbTOygP10a/MTMiCCKFZlOXh/0PgoECkl5Ujb89yXt:/IbTBCUTRbKj0Xh/PxXYb89yXt
Score

1^/10
behavioral15 behavioral16
- Target
  
  testingflrplgpreg-main/starter.sh
- Size
  
  354B
- MD5
  
  4ac2e1eb84edfb09be2f9bca9a58de11
- SHA1
  
  d5ac50e52e5685fe1dd6ab69f8d21fd7f87ce5b6
- SHA256
  
  1b3f7ab5e2053a2dc592d0a9a798f85eb63aba47a46c5cc8206bb7040573afe6
- SHA512
  
  45001ba154eb215a476c1ea0dfa5f2bbbc50d120fe2c2a8d63e5f7601a515b8942ea5bbba03e6b9477a75674fe7755473862282aba832602556bbea8cd90c542
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  testingflrplgpreg-main/zapretka.exe
- Size
  
  1.3MB
- MD5
  
  80c93e18eb2b5afecb20193abbd53804
- SHA1
  
  7f2f37bbb20b5cd0f353bec950e80b3a7129b4a3
- SHA256
  
  7cea393fe83fa489ce72e45ca6fdaeac0d86061f298a090ac4ac0a0c21d78ccf
- SHA512
  
  f3545d1a6adab75908d67bfafb4a40253d5066f292cb44f69f3faa12c7526733d90b65e7402d9841ae18c60b701c8f3d7e9ff4cb6f5abb2c22f7edb65ad5baff
- SSDEEP
  
  24576:75v4DT3ehpVLtT43PnMV2sES1Sw4stLNzpV7kIZIT+EvhLhTYDyVuCWN/+:dqTapX6024Yw4sBdpcphLhTWhH+
Score

8^/10

execution upx
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral19 behavioral20

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Blocklisted process makes network request

Command and Scripting Interpreter: PowerShell

Command and Scripting Interpreter: PowerShell

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

UPX packed file

Blocklisted process makes network request

Command and Scripting Interpreter: PowerShell

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20