metasploit | e8840dd3399e063dd23765bf82067c2f58f03cf3709e84d3dd85ffe99351a303 | Triage

Sharing

General

Target

ps1010.ps1
Size

7KB
Sample

241119-nd92zavmfz
MD5

3a857403ef0d05f9cce0527c8f50017e
SHA1

99f5796ce4360edd426b51b6039119e8935237da
SHA256

e8840dd3399e063dd23765bf82067c2f58f03cf3709e84d3dd85ffe99351a303
SHA512

2bd63b530ebe9c0f794517fe2bd5d958c9e20b8d386d40a47162484527db5db078e2f79d3608f1f5526dfeea7635cba4d65e786f046395a996add394a78d1e4e
SSDEEP

192:wk5qvXhjyhwvz2PrrdIbST3nKTwQXh9Le:wkcXhjyhGzudIk3K8QXhI

Score

10^/10

metasploit backdoor discovery execution trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

18.158.58.205:17973

Targets

- Target
  
  ps1010.ps1
- Size
  
  7KB
- MD5
  
  3a857403ef0d05f9cce0527c8f50017e
- SHA1
  
  99f5796ce4360edd426b51b6039119e8935237da
- SHA256
  
  e8840dd3399e063dd23765bf82067c2f58f03cf3709e84d3dd85ffe99351a303
- SHA512
  
  2bd63b530ebe9c0f794517fe2bd5d958c9e20b8d386d40a47162484527db5db078e2f79d3608f1f5526dfeea7635cba4d65e786f046395a996add394a78d1e4e
- SSDEEP
  
  192:wk5qvXhjyhwvz2PrrdIbST3nKTwQXh9Le:wkcXhjyhGzudIk3K8QXhI
Score

10^/10

metasploit backdoor discovery execution trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoveryexecutiontrojan

behavioral2

metasploitbackdoordiscoveryexecutiontrojan