metasploit | a8b1650fa5f73eaaccf9a3406c9c9d9a024e2c8ebae1d63d97dfb5da9466e333 | Triage

Submit
Reports

Overview

overview

Static

static

3

a8b1650fa5...33.exe

windows7-x64

a8b1650fa5...33.exe

windows10-2004-x64

Sharing

General

Target

a8b1650fa5f73eaaccf9a3406c9c9d9a024e2c8ebae1d63d97dfb5da9466e333
Size

3.6MB
Sample

240627-y9g16sygpg
MD5

c6d93d22769ff79b5bce433c959cceb5
SHA1

cbf8a4e2d5cc261dde9e6c639346f590c7139e87
SHA256

a8b1650fa5f73eaaccf9a3406c9c9d9a024e2c8ebae1d63d97dfb5da9466e333
SHA512

5fbbce3989bf5b22a1027cc4844766b09c633892dd5c02f9d084b204cc48e6226457c19685199b5bcefb678ce41428674d2fba3ae3392fcb5fc39441974069c0
SSDEEP

49152:o08shxtUg9OUi82w6aQp9dgS1GUL38XhCOYc3iJXe9emEPGKfPkQThMYRMnm7LBX:o08ddsGaQNgS1C6eVngKpq

Score

10^/10

metasploit backdoor bootkit persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a8b1650fa5f73eaaccf9a3406c9c9d9a024e2c8ebae1d63d97dfb5da9466e333.exe

Resource

win7-20240508-en

metasploit backdoor bootkit persistence trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

a8b1650fa5f73eaaccf9a3406c9c9d9a024e2c8ebae1d63d97dfb5da9466e333.exe

Resource

win10v2004-20240508-en

metasploit backdoor bootkit persistence trojan

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

192.168.1.175:2523

212.154.6.128:2523

Targets

- Target
  
  a8b1650fa5f73eaaccf9a3406c9c9d9a024e2c8ebae1d63d97dfb5da9466e333
- Size
  
  3.6MB
- MD5
  
  c6d93d22769ff79b5bce433c959cceb5
- SHA1
  
  cbf8a4e2d5cc261dde9e6c639346f590c7139e87
- SHA256
  
  a8b1650fa5f73eaaccf9a3406c9c9d9a024e2c8ebae1d63d97dfb5da9466e333
- SHA512
  
  5fbbce3989bf5b22a1027cc4844766b09c633892dd5c02f9d084b204cc48e6226457c19685199b5bcefb678ce41428674d2fba3ae3392fcb5fc39441974069c0
- SSDEEP
  
  49152:o08shxtUg9OUi82w6aQp9dgS1GUL38XhCOYc3iJXe9emEPGKfPkQThMYRMnm7LBX:o08ddsGaQNgS1C6eVngKpq
Score

10^/10

metasploit backdoor bootkit persistence trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

metasploitbackdoorbootkitpersistencetrojan

behavioral2

metasploitbackdoorbootkitpersistencetrojan

© 2018-2024

Terms | Privacy