Overview

overview

10

Static

static

8

9e73b71493...4d.exe

windows7_x64

10

9e73b71493...4d.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9e73b71493e907242d7330797e81c95f282cc414ee14f7790c0853aa188aa84d

  • Size

    3.4MB

  • Sample

    201111-9jv9j2bs1j

  • MD5

    2ecd1b370d2c29b27160ca1a8e18df1b

  • SHA1

    043ce493c650fbf65bc71cc323ff7e409878b263

  • SHA256

    9e73b71493e907242d7330797e81c95f282cc414ee14f7790c0853aa188aa84d

  • SHA512

    fa4ca1702631974e3d55517b9e8642652423215ad3ad99bde8520f0bc550f2771320860c0730d5c1d932b0923082b713c549d35d683a482a718793cc0a046b0b

Score
10/10
metasploitbackdoortrojanvmprotect

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://47.91.237.42:8443/blIF

Targets

    • Target

      9e73b71493e907242d7330797e81c95f282cc414ee14f7790c0853aa188aa84d

    • Size

      3.4MB

    • MD5

      2ecd1b370d2c29b27160ca1a8e18df1b

    • SHA1

      043ce493c650fbf65bc71cc323ff7e409878b263

    • SHA256

      9e73b71493e907242d7330797e81c95f282cc414ee14f7790c0853aa188aa84d

    • SHA512

      fa4ca1702631974e3d55517b9e8642652423215ad3ad99bde8520f0bc550f2771320860c0730d5c1d932b0923082b713c549d35d683a482a718793cc0a046b0b

    Score
    10/10
    metasploitbackdoortrojanvmprotect

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

      trojanbackdoormetasploit

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks