Overview

overview

10

Static

static

49f80e9afc...6a.exe

windows7_x64

10

49f80e9afc...6a.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    49f80e9afca6ccd55838cd0e16639d51ed5db3d751f36ba7d79ea0678b50da6a

  • Size

    275KB

  • Sample

    201110-h8pfl74v9x

  • MD5

    64e6a76b7bfdd1a130c2bb64ab92cf75

  • SHA1

    39caec38241b08286a1a52d87dbfdc1a10fb91b8

  • SHA256

    49f80e9afca6ccd55838cd0e16639d51ed5db3d751f36ba7d79ea0678b50da6a

  • SHA512

    5ac8a8034c935f75b496717eceb00b6f594d1a4ec527a12f7ae8d4b078debe9a5ce95c6e5838811386dd060371ab13c9abdeb1bf297c6df007d9dd972ce89b9b

Score
10/10
metasploitbackdoortrojan

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://144.48.9.115:443/YCiX

Targets

    • Target

      49f80e9afca6ccd55838cd0e16639d51ed5db3d751f36ba7d79ea0678b50da6a

    • Size

      275KB

    • MD5

      64e6a76b7bfdd1a130c2bb64ab92cf75

    • SHA1

      39caec38241b08286a1a52d87dbfdc1a10fb91b8

    • SHA256

      49f80e9afca6ccd55838cd0e16639d51ed5db3d751f36ba7d79ea0678b50da6a

    • SHA512

      5ac8a8034c935f75b496717eceb00b6f594d1a4ec527a12f7ae8d4b078debe9a5ce95c6e5838811386dd060371ab13c9abdeb1bf297c6df007d9dd972ce89b9b

    Score
    10/10
    metasploitbackdoortrojan

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

      trojanbackdoormetasploit

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks