metasploit

General

Target

Downloads.zip
Size

48KB
Sample

241105-f4fxtavhlh
MD5

a993b040805a46a6f811c2f82ba15ac3
SHA1

0d739b4db6237a551a96f85824786858028b2f99
SHA256

85e90c7240f0d04c7a3e4cddabeb7afd17b3996382e0a83e905e346867a0b164
SHA512

0744cc48bbcf605b805f0c8168e7f631a1b31ba536de73e0ac6d89a6ff33025e786c5ff096c427bc882b7bb47b1ee70b3ecc7019167a859b055097989e140726
SSDEEP

1536:KqnGvA3RniIoOxShC51a5OtTHtPe+jCSON1:zGYRiIoOIC/asTHtDzg1

Score

10^/10

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

172.183.76.152:4444

Extracted

Family

phorphiex

C2

http://185.215.113.84

http://185.215.113.66

Targets

- Target
  
  53c9a6fc60f1b68e23f9a4060452d035af7e2eb73fec2f42b6012fc98417115a/53c9a6fc60f1b68e23f9a4060452d035af7e2eb73fec2f42b6012fc98417115a.exe
- Size
  
  72KB
- MD5
  
  449c0175718415174c3961728c7b48ba
- SHA1
  
  573e1558ba736edefc6a41dda6505f07b9eddfd8
- SHA256
  
  53c9a6fc60f1b68e23f9a4060452d035af7e2eb73fec2f42b6012fc98417115a
- SHA512
  
  423841097e9711322c647735f69a40105ca1a9a5d4245b92d1334909f6fde9d4ef2df195296b929c052022ba677c6705cdea6779f43f3cd767261b5bf9065efe
- SSDEEP
  
  1536:Ij2YmZ2WQAZ+4DRkT4Us96osMiq1Mb+KR0Nc8QsJq39:Iq2e1ixoNiue0Nc8QsC9
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
behavioral1 behavioral2
- Target
  
  6fc8b5b8a90cf8ba7e0eb930fcdde776f8eeb3f37913318df7766a365e13fa8e/6fc8b5b8a90cf8ba7e0eb930fcdde776f8eeb3f37913318df7766a365e13fa8e.exe
- Size
  
  10KB
- MD5
  
  ed9fbbbe548c41479cb70e4d694793d0
- SHA1
  
  a0bde162d2241ab2acb58544511a41df30a096a7
- SHA256
  
  6fc8b5b8a90cf8ba7e0eb930fcdde776f8eeb3f37913318df7766a365e13fa8e
- SHA512
  
  49652367fec13a1e7a188fd039bf8a9fae6be72fdc31e7597bbcfdf30375277f6a7e09b74bd5a2adf1696cf720998c751b7e1671afa3a59c4dfa7069bca543fb
- SSDEEP
  
  192:Jd94uPG8E1CDSnzmgp+eMwY46BJxT43thW:394u5SCDSnJo+c83
Score

10^/10

phorphiex xmrig discovery evasion execution loader miner persistence trojan worm
- Modifies security service
  evasion
- Phorphiex family
  phorphiex
- Phorphiex payload
- Phorphiex, Phorpiex
  Phorphiex or Phorpiex Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.
  worm trojan loader phorphiex
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Windows security bypass
  evasion trojan
- Xmrig family
  xmrig
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Downloads MZ/PE file
- Stops running service(s)
  evasion execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral3 behavioral4