metasploit | 6e701fee29587298e88a1bce88b9ed6f2c32e29b0284762a998b6267e0c63f44 | Triage

Sharing

General

Target

Meeting.exe
Size

523KB
Sample

241115-w7glhszckj
MD5

67a74b903b55c8f76dbee43f52e8b792
SHA1

1bde798a60979c794661fb1a13a8529b18494d5e
SHA256

6e701fee29587298e88a1bce88b9ed6f2c32e29b0284762a998b6267e0c63f44
SHA512

8c0499279a4057ac1ea2e465e8b2ea3c97fabb040ee20366fada542178e0447b893d9ff498922f054e1b108315e3d65c6e34434f3fc0f4bd2f4fdc2d8a6f5acf
SSDEEP

12288:wyveQB/fTHIGaPkKEYzURNAwbAg6cmAmqb:wuDXTIGaPhEYzUzA0LmAPb

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

89.197.154.116:7810

Targets

- Target
  
  Meeting.exe
- Size
  
  523KB
- MD5
  
  67a74b903b55c8f76dbee43f52e8b792
- SHA1
  
  1bde798a60979c794661fb1a13a8529b18494d5e
- SHA256
  
  6e701fee29587298e88a1bce88b9ed6f2c32e29b0284762a998b6267e0c63f44
- SHA512
  
  8c0499279a4057ac1ea2e465e8b2ea3c97fabb040ee20366fada542178e0447b893d9ff498922f054e1b108315e3d65c6e34434f3fc0f4bd2f4fdc2d8a6f5acf
- SSDEEP
  
  12288:wyveQB/fTHIGaPkKEYzURNAwbAg6cmAmqb:wuDXTIGaPhEYzUzA0LmAPb
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoverytrojan

behavioral2

metasploitbackdoordiscoverytrojan