metasploit | 56be81e4170f3c4077c11fc094e593737690110a9bafa16b623e680ff4c0b387 | Triage

Sharing

General

Target

56be81e4170f3c4077c11fc094e593737690110a9bafa16b623e680ff4c0b387
Size

242KB
Sample

241221-ttpzmaspdt
MD5

46d335c5ac5b074bd1e1a96a10706a70
SHA1

67126a2262b8bae92a1542f0c79ef4220f8a4c99
SHA256

56be81e4170f3c4077c11fc094e593737690110a9bafa16b623e680ff4c0b387
SHA512

78df3b00d0e51c65949c890b2e9eb3859914bae2375fb63005b081d21e0f28e38b90d0be6fcaf382123e09abf9b15e3ea09799b658add51e75057b17ec36e2b9
SSDEEP

6144:cYUOLxSH61sv7t86m49F/4jXGpZ13H1TugPAPO4syfI:C+1u/F2IZtdug43siI

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://globalcert.io.global.prod.fastly.net:443/api/v1/user/512/avatar

Targets

- Target
  
  d.exe
- Size
  
  556KB
- MD5
  
  525d814ba020a890dd87677747f01f90
- SHA1
  
  7525642890e312224a14754dcf4006b5cd9d1575
- SHA256
  
  814af02b5de01b583cad8808550f7f44c06b473cf92e04da6708120a30fbefcd
- SHA512
  
  e350caf0d73b9335e2544f4e63e7abd14dde08060044cf91a7259314561800f696647c7242b43a726ac7e3fe7b0fe3765b9246b8950eded7449705a3e2dc2a59
- SSDEEP
  
  12288:TMN1EWOMZuXY6rNGu9X/9FxSvFWQbXiyadK3uw7zT4q:TMN1EWOMZuXYQcc9F4WQbXiyadK3N7P
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoverytrojan

behavioral2

metasploitbackdoordiscoverytrojan