metasploit | f581c7a38fabd5649256200e240e0c096ab74da9e47008faf4c512fb2cb73b5d | Triage

Sharing

General

Target

f581c7a38fabd5649256200e240e0c096ab74da9e47008faf4c512fb2cb73b5d
Size

81KB
Sample

250417-b3rkpsxzcz
MD5

3d9e156bdb2cc2c08f7b1daa70a9a6ea
SHA1

7b7ed486b3624ffc6213be27aebc7c7b450eb3c1
SHA256

f581c7a38fabd5649256200e240e0c096ab74da9e47008faf4c512fb2cb73b5d
SHA512

ab812fc20f8302767f83b99fb2f717aa730845fe433135233d058ccb3e4878ed414faf55f60667c3de9b3fecc2d7cc837bf5446930fcce3d84efd1dd86707fca
SSDEEP

1536:cAun6l5HSFNZ6E/vwkCJjnih3H7oNHTsWSscdy9aViJE5P:zuwHcNZ7wk3MtItyEiJE5

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://154.23.185.224:10330/jquery-3.3.1.slim.min.js

Attributes

headers Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Referer: http://code.jquery.com/ Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko

Targets

- Target
  
  f581c7a38fabd5649256200e240e0c096ab74da9e47008faf4c512fb2cb73b5d
- Size
  
  81KB
- MD5
  
  3d9e156bdb2cc2c08f7b1daa70a9a6ea
- SHA1
  
  7b7ed486b3624ffc6213be27aebc7c7b450eb3c1
- SHA256
  
  f581c7a38fabd5649256200e240e0c096ab74da9e47008faf4c512fb2cb73b5d
- SHA512
  
  ab812fc20f8302767f83b99fb2f717aa730845fe433135233d058ccb3e4878ed414faf55f60667c3de9b3fecc2d7cc837bf5446930fcce3d84efd1dd86707fca
- SSDEEP
  
  1536:cAun6l5HSFNZ6E/vwkCJjnih3H7oNHTsWSscdy9aViJE5P:zuwHcNZ7wk3MtItyEiJE5
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoverytrojan

behavioral2

metasploitbackdoordiscoverytrojan