General

  • Target

    c9a4b69fd8936fabe1d044c35baaa28e4bd0aa563769a76d4dba7c16e6fc3009

  • Size

    5KB

  • Sample

    201108-say7cqeetx

  • MD5

    a3bfdf001d9e5e1276b95a112b74d37f

  • SHA1

    cba777ad1363ad2840d43cfff8833ca22ff8c0d0

  • SHA256

    c9a4b69fd8936fabe1d044c35baaa28e4bd0aa563769a76d4dba7c16e6fc3009

  • SHA512

    4a48b115adaf593997f73c16c3424eb461b752ea39e5247e8252e1b92c02b5d9b0ba42da2cb63fc8592b52116786cf1631608105bf29c617f223c9d13e48fcbc

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://example.com:80/hop.php?/12345

Targets

    • Target

      c9a4b69fd8936fabe1d044c35baaa28e4bd0aa563769a76d4dba7c16e6fc3009

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • ServiceHost packer

      Detects ServiceHost packer used for .NET malware

    • Blacklisted process makes network request

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks