General

  • Target: 5145994822189056.zip
  • Size: 254KB
  • Sample: 201123-v97282yt96
  • MD5: 964a7122bc78ba984931a46f0167d33f
  • SHA1: a5f249114ead341b937e317556470dff29f8928b
  • SHA256: 0565733747d017f4de473dfd545bd3be947d7e1f105501ff9ee0d4ca42c08a5b
  • SHA512: e1b8e9d6d1aff5a3ecbc9ddd5b7e1594a5385ca21931d5f6b10585d27c01eea32a060d36071d753bbac5806d8a858f0372f9430b3c7329c97519aa8c9494e254

Malware Config

Extracted

  • Family: metasploit
  • Version: windows/download_exec
  • C2: http://kungfupandasa.com:443/wp-includes/boxes.png

Targets

    • Target: 991a222bdbeb5d25b9f9445496112af904ac7b677b6296810727e6e403f5f5eb
    • Size: 673KB
    • MD5: 5c1fce8fa3e228b8f2641bb1f7a29c3f
    • SHA1: 29234654f799ff6ea89fada6af32763c02fff1eb
    • SHA256: 991a222bdbeb5d25b9f9445496112af904ac7b677b6296810727e6e403f5f5eb
    • SHA512: 2452da3830efa1a42625fa68c6858eac3625b5bdf7100cf06a424bc2b9ffd488f58c689ac4e6c71f2e25171c3a118dfb5771a9725f46a8208f147838bfa57add
    • MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
    • Suspicious use of NtCreateProcessExOtherParentProcess
