Date: 06/23/2025
Severity: Medium
Summary
Meterpreter is a trojan-type malware that allows attackers to remotely control infected systems by injecting itself into existing processes. It can send/receive files, execute commands, capture screenshots, and log keystrokes. Commonly spread via infected email attachments, malicious ads, and social engineering, it often leads to further malware infections like ransomware. Its primary goals include data theft and financial gain. Protection involves using antivirus tools, firewalls, IDS/IPS systems, employee training, and regularly updating software.
Indicators of Compromise (IOC) List
MD5:
a634a665f4fad842099a4fa13021650c
f550e14690aede13722bebd76c6d71f4
12cd6481aa5f0aa3d3fdbf6a42dca282
8eb7f1d90d49aaeec454723a5ee1002a
SHA-1:
81fb65af1552e9741ff9102d3b46d702a5457076
ce711e1e23f119db35d2d4b18db3fa06c91d526e
10cb1da3d27d7c1009824a2700ccdbd90bca8759
05784fbca94eee731d11f2046329392771a31dd4
SHA-256:
004a1de7b1854a7a4deaca0ef07634a6ae617ef64c944a19a33bc7f4ef7e2c2d
5c10cd290f04f5ecf56fbb037ed473590c1a833010ece728a483ceb05d98d31e
308398ef32e5bd6d71746e39e9abbddae250c3ac2ad77235e605f51eeaacdc8c
e5e1e5eec026118289b024ee6d772e8ea0ba8a8017fbf980ee5d39077e5a9807
Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection
Detection Query 1: md5hash IN ("a634a665f4fad842099a4fa13021650c","f550e14690aede13722bebd76c6d71f4","8eb7f1d90d49aaeec454723a5ee1002a","12cd6481aa5f0aa3d3fdbf6a42dca282")
Detection Query 2: hash IN ("81fb65af1552e9741ff9102d3b46d702a5457076","05784fbca94eee731d11f2046329392771a31dd4","ce711e1e23f119db35d2d4b18db3fa06c91d526e","10cb1da3d27d7c1009824a2700ccdbd90bca8759")
Detection Query 3: sha256hash IN ("004a1de7b1854a7a4deaca0ef07634a6ae617ef64c944a19a33bc7f4ef7e2c2d","308398ef32e5bd6d71746e39e9abbddae250c3ac2ad77235e605f51eeaacdc8c","5c10cd290f04f5ecf56fbb037ed473590c1a833010ece728a483ceb05d98d31e","e5e1e5eec026118289b024ee6d772e8ea0ba8a8017fbf980ee5d39077e5a9807")
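The three queries above are exact-match lookups on three differently named hash fields. The following Python script is an added example, not Gurucul's or Rewterz's code: it loads the advisory's IOC hashes, infers the algorithm from digest length, normalizes case before matching (so that a product emitting upper-case digests does not silently miss the IN() list), and runs the check over a few constructed telemetry records. The field names md5hash, hash and sha256hash follow the queries; the record layout, host names and paths are assumptions made up for the example.

```python
"""Match file-hash observations against the advisory's IOC hashes.

Added example, not part of the advisory. The IOC values are the ones the
advisory lists; the telemetry records at the bottom are constructed.
"""
import re

# IOC hashes from the advisory, grouped by algorithm (32 hex chars = MD5,
# 40 = SHA-1, 64 = SHA-256).
MD5_IOCS = {
    "a634a665f4fad842099a4fa13021650c",
    "f550e14690aede13722bebd76c6d71f4",
    "12cd6481aa5f0aa3d3fdbf6a42dca282",
    "8eb7f1d90d49aaeec454723a5ee1002a",
}
SHA1_IOCS = {
    "81fb65af1552e9741ff9102d3b46d702a5457076",
    "ce711e1e23f119db35d2d4b18db3fa06c91d526e",
    "10cb1da3d27d7c1009824a2700ccdbd90bca8759",
    "05784fbca94eee731d11f2046329392771a31dd4",
}
SHA256_IOCS = {
    "004a1de7b1854a7a4deaca0ef07634a6ae617ef64c944a19a33bc7f4ef7e2c2d",
    "5c10cd290f04f5ecf56fbb037ed473590c1a833010ece728a483ceb05d98d31e",
    "308398ef32e5bd6d71746e39e9abbddae250c3ac2ad77235e605f51eeaacdc8c",
    "e5e1e5eec026118289b024ee6d772e8ea0ba8a8017fbf980ee5d39077e5a9807",
}

IOC_BY_LENGTH = {32: ("md5", MD5_IOCS), 40: ("sha1", SHA1_IOCS), 64: ("sha256", SHA256_IOCS)}
HEX_RE = re.compile(r"^[0-9a-f]+$")


def classify_hash(value):
    """Return (algorithm, lower-case digest) or None if value is not a tracked digest.

    Lower-casing matters: EDR/AV exports often carry upper-case hex, and a
    case-sensitive IN() comparison would not match it.
    """
    h = value.strip().lower()
    if len(h) not in IOC_BY_LENGTH or not HEX_RE.match(h):
        return None
    return IOC_BY_LENGTH[len(h)][0], h


def is_ioc(value):
    """True if the digest (MD5, SHA-1 or SHA-256) is in the advisory's IOC list."""
    classified = classify_hash(value)
    if classified is None:
        return False
    _algo, h = classified
    return h in IOC_BY_LENGTH[len(h)][1]


def scan_records(records):
    """Return the records whose hash field matches an IOC, tagged with field and algorithm.

    Records are dicts; the field names md5hash / hash / sha256hash follow the
    detection queries, everything else about the layout is assumed.
    """
    hits = []
    for rec in records:
        for field in ("md5hash", "hash", "sha256hash"):
            val = rec.get(field)
            if val and is_ioc(val):
                algo, h = classify_hash(val)
                hits.append({**rec, "matched_field": field, "matched_algo": algo, "ioc": h})
                break  # one hit per record is enough
    return hits


# Constructed sample telemetry (not real data): an upper-case MD5 hit,
# a SHA-256 hit, a benign file, and a malformed hash value.
SAMPLE_RECORDS = [
    {"host": "ws-101", "path": "C:\\Users\\Public\\update.exe",
     "md5hash": "A634A665F4FAD842099A4FA13021650C"},
    {"host": "ws-102", "path": "C:\\Temp\\svc.dll",
     "sha256hash": "e5e1e5eec026118289b024ee6d772e8ea0ba8a8017fbf980ee5d39077e5a9807"},
    {"host": "ws-103", "path": "C:\\Windows\\notepad.exe",
     "md5hash": "00000000000000000000000000000000"},
    {"host": "ws-104", "path": "C:\\Temp\\x.bin", "hash": "not-a-hash"},
]

if __name__ == "__main__":
    for hit in scan_records(SAMPLE_RECORDS):
        print(f"{hit['host']}: {hit['path']} matched {hit['matched_algo']} IOC {hit['ioc']}")
```

Run against the constructed records, only ws-101 and ws-102 are reported; the upper-case MD5 on ws-101 is caught only because of the normalization step, which is the check worth confirming in whatever platform actually executes the IN() queries.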
Reference:
https://rewterz.com/threat-advisory/meterpreter-malware-active-iocs-5