metasploit | 42ae60f29d5f12e14056c8a043556fb53bb1fafd33693135105d6beee3d494db | Triage

Sharing

General

Target

2024-11-14_d6c4530793537e06d81ed8d4025bf372_karagany_mafia
Size

2.9MB
Sample

241114-mz3pcasjbk
MD5

d6c4530793537e06d81ed8d4025bf372
SHA1

749eeb5bc7456594354cd587cc614e55e637cc3d
SHA256

42ae60f29d5f12e14056c8a043556fb53bb1fafd33693135105d6beee3d494db
SHA512

577627978c642af4a38c4d10d3ee9596708178c8e936d869c8f1ede1bf6fcbdf91df82e74ba7fb3d6b3c6c2667dab87a0737d78afbec613693586185c1b0e908
SSDEEP

49152:otg7ETQsdSKNQ5bzPQzqhwCdxKKTUqZIt7tTt+YsaGGCj/TeDeJQxHEExLz4k8:mtdSOQ5XImaKZUga7tMFGNDtNEoJ8

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://105.112.178.164:80/SRho

Targets

- Target
  
  2024-11-14_d6c4530793537e06d81ed8d4025bf372_karagany_mafia
- Size
  
  2.9MB
- MD5
  
  d6c4530793537e06d81ed8d4025bf372
- SHA1
  
  749eeb5bc7456594354cd587cc614e55e637cc3d
- SHA256
  
  42ae60f29d5f12e14056c8a043556fb53bb1fafd33693135105d6beee3d494db
- SHA512
  
  577627978c642af4a38c4d10d3ee9596708178c8e936d869c8f1ede1bf6fcbdf91df82e74ba7fb3d6b3c6c2667dab87a0737d78afbec613693586185c1b0e908
- SSDEEP
  
  49152:otg7ETQsdSKNQ5bzPQzqhwCdxKKTUqZIt7tTt+YsaGGCj/TeDeJQxHEExLz4k8:mtdSOQ5XImaKZUga7tMFGNDtNEoJ8
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoverytrojan

behavioral2

metasploitbackdoordiscoverytrojan