metasploit | 9b67914768477c27bfec54e79955674d878e6489abc21344f13166ca9446c9a4 | Triage

Sharing

General

Target

9b67914768477c27bfec54e79955674d878e6489abc21344f13166ca9446c9a4.exe
Size

111KB
Sample

241202-lp88psvren
MD5

ce1c2378b676d5911eddc3758624c976
SHA1

c22076d3747e231f12b5773dd825b9dbf7231ac6
SHA256

9b67914768477c27bfec54e79955674d878e6489abc21344f13166ca9446c9a4
SHA512

a575b4cb25220bba8792bb0dc9f0feb9d3241d4a01c487bcfb6af45fe2ad380ab42525be345269f4eec130d4a0faba63e7cf2766c3f71664b287b9820827d10a
SSDEEP

3072:SwUYPGG9eAoHSwMm8KzF6N0dKMW+Wb+EyjOIpiAAiLF:SwUYz93oHSHBnyWj+EfIEwR

Score

10^/10

metasploit backdoor discovery evasion persistence trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  9b67914768477c27bfec54e79955674d878e6489abc21344f13166ca9446c9a4.exe
- Size
  
  111KB
- MD5
  
  ce1c2378b676d5911eddc3758624c976
- SHA1
  
  c22076d3747e231f12b5773dd825b9dbf7231ac6
- SHA256
  
  9b67914768477c27bfec54e79955674d878e6489abc21344f13166ca9446c9a4
- SHA512
  
  a575b4cb25220bba8792bb0dc9f0feb9d3241d4a01c487bcfb6af45fe2ad380ab42525be345269f4eec130d4a0faba63e7cf2766c3f71664b287b9820827d10a
- SSDEEP
  
  3072:SwUYPGG9eAoHSwMm8KzF6N0dKMW+Wb+EyjOIpiAAiLF:SwUYz93oHSHBnyWj+EfIEwR
Score

10^/10

metasploit backdoor discovery evasion persistence trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoveryevasionpersistencetrojan

behavioral2

metasploitbackdoordiscoveryevasionpersistencetrojan