metasploit | 53c9abf3e3d86b1d9d633aff273a70f11e83858d3fdb362108395f170bcdebc4 | Triage

Submit
Reports

Overview

overview

Static

static

138.exe

windows7_x64

138.exe

windows10_x64

Analysis

max time kernel
128s
max time network
130s
platform
windows7_x64
resource
win7
submitted
28-10-2020 16:03

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

138.exe

Resource

win7

metasploit backdoor trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

138.exe

Resource

win10

metasploit backdoor trojan

windows10_x64

0 signatures

0 seconds

Report Analysis Logs

General

Target

138.exe
Size

14KB
MD5

eba756c4ffcfca98548e2e4b50aada85
SHA1

19c6129cb8ae4c392931196d10a36e35b245df6a
SHA256

53c9abf3e3d86b1d9d633aff273a70f11e83858d3fdb362108395f170bcdebc4
SHA512

496262a3cf5111e42b901f185312c5928578519bb7fceed7297bae9737f85c2a1c00b48377e871ea1b5b98e012ab99d61d4129e7f1ae53cb6a0ac21a80f50576

Score

10^/10

metasploit backdoor trojan

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://69.30.232.138:80/qFDa

Attributes

headers User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; Touch; MASPJS)

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

Processes

C:\Users\Admin\AppData\Local\Temp\138.exe
"C:\Users\Admin\AppData\Local\Temp\138.exe"
1⤵
PID:1524

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1524-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/1976-1-0x000007FEF7690000-0x000007FEF790A000-memory.dmp

Filesize
2.5MB

Download

© 2018-2024

Terms | Privacy