metasploit | ecb965ccea59652f730005d709c3f78b77345a0ad9c1f25ed372c156aafcfb2f | Triage

Resubmissions

20-01-2025 21:30

250120-1cqcdszphy 10

20-01-2025 21:24

250120-z82jvsznbv 10

Sharing

General

Target

ouchpdf.zip
Size

367KB
Sample

250120-1cqcdszphy
MD5

1a68c80abd10d72c1dbdf642a56525a1
SHA1

b6b3760256c651bbe2af695209f7b105d3f04d59
SHA256

ecb965ccea59652f730005d709c3f78b77345a0ad9c1f25ed372c156aafcfb2f
SHA512

46d7f78edbeeeab8bcf5e05c21754528b8a466c8af905b4de5c9ba8bb1701685a001d1c586c1713ea92cbc7cc175f81a49f10cbe28ced2e75a77754ecd27349e
SSDEEP

6144:WJeJwtqFElPB9xce7IQauH09b3hJIILeKPu+MBqUz4vdycc5xQB1Gt98uGVV:W4qqqPB9x6bII9cJ8v0cRBQ8uW

Score

10^/10

metasploit backdoor discovery javascript link pdf trojan

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://10.1.1.155:8080/2nvF

Targets

- Target
  
  ouch.pdf
- Size
  
  527KB
- MD5
  
  46aab7df8880fb43ce1520d0d54377fa
- SHA1
  
  c4d43cc7289d40f398e0bdb53c5b02233a78c879
- SHA256
  
  bd1dc293d92c8d48f0cabf695fa881ee2b26c0fd9191d255b50a4df82c55659a
- SHA512
  
  333bcc9bd9a3675947c0f36282ef20a6ad831dcf727f80e4b49ca708600fcb64685e6b4f14be67aadfe0bbd00e5b77b2daeb339d233ae2b3f712f1248cfad0e9
- SSDEEP
  
  6144:bHp9ZOmVz/rxkgL5tnYPO/OPsKq3BNnqCRDRSOUxcEghyQ9EPS5:bL5b1kC5tYPaOV0NfRtSBxohcS5
Score

3^/10

discovery
behavioral1
- Target
  
  ouch.pdf
- Size
  
  72KB
- MD5
  
  a3df24a493c9c5f9fd261561b40a913d
- SHA1
  
  212ad7a4277ccaf2e8c9f67f8c9f2792f8cbabed
- SHA256
  
  2683f130ab23a059073ef74c1090742f68991181c25ddd1fc88278b08772138a
- SHA512
  
  4a4eb2a9a3d738bd5551af004acb169477b1cc90e834efc7ba2b06d6154baaeb0b9a3de7d3d541e9108e1a5514b89d4cf606b3e45938f331a09313dc7c1dbe9d
- SSDEEP
  
  1536:IwYVEl1y6LKG+5bAOJokjecQPMb+KR0Nc8QsJq39:uV+1y6eG+5bHokqcQPe0Nc8QsC9
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

pdflinkjavascriptmetasploit

behavioral1

behavioral2

metasploitbackdoordiscoverytrojan