Overview

overview

10

Static

static

3f717df21d...fe.doc

windows7_x64

10

3f717df21d...fe.doc

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3f717df21dee2bd51394424c8be036fe

  • Size

    365KB

  • Sample

    201214-1xblz2aq1e

  • MD5

    3f717df21dee2bd51394424c8be036fe

  • SHA1

    d20436e843e4159f29737fab5e812406eb6512d4

  • SHA256

    aa148483dfb6570d166b18430f7a1e6b0496ef687589b38ba5ab1b2b5bdff682

  • SHA512

    f79b8d1f53b243929fa307560aa605d522c5c71c606166557cd9bf095c8393c188bab9aaaff38456552e8a9b08457c36ca522369f40e2ccc097e86ee369ecad9

Score
10/10
metasploitbackdoortrojan

Malware Config

Targets

    • Target

      3f717df21dee2bd51394424c8be036fe

    • Size

      365KB

    • MD5

      3f717df21dee2bd51394424c8be036fe

    • SHA1

      d20436e843e4159f29737fab5e812406eb6512d4

    • SHA256

      aa148483dfb6570d166b18430f7a1e6b0496ef687589b38ba5ab1b2b5bdff682

    • SHA512

      f79b8d1f53b243929fa307560aa605d522c5c71c606166557cd9bf095c8393c188bab9aaaff38456552e8a9b08457c36ca522369f40e2ccc097e86ee369ecad9

    Score
    10/10
    metasploitbackdoortrojan

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

      trojanbackdoormetasploit

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks