metasploit

General

Target

9fb70c001307ee5f60eff1a9d9f5903ef909ddde5526cbe85a143d2fa6f51015.exe
Size

199KB
Sample

201229-k6b7k5a56n
MD5

5b5e120a4cf6fd359750b10a3afe5dd1
SHA1

d54e0bb8305f468797fd03f22d64edef03fd65f3
SHA256

9fb70c001307ee5f60eff1a9d9f5903ef909ddde5526cbe85a143d2fa6f51015
SHA512

a4e87629cb12aec6b7d280877210c241e5d9c129b099473ad3c54f2ba0ef6686d940ce8ffb9d65d2b5980e4a2441c87511d61b8fa600f63c26146b0739c6eb46

Score

10^/10

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_http

C2

http://thedonald.win:443/t6pNyjKhMouuSa9I8aNlOQxTWalk1ZSCWvqscRqnGo-36PO2VBgdduQJebUNp8cgFO03Hha7yXrD9Q8hF5KFjWFydleor9rJO_IdHjJYnwDz3V3CD1ZzbMGMIRgBfd4oD91ekmuH9O36BFxS-ApQa4m-JXlszaAFF92RuNpJlwnOZQaIE

Targets

- Target
  
  9fb70c001307ee5f60eff1a9d9f5903ef909ddde5526cbe85a143d2fa6f51015.exe
- Size
  
  199KB
- MD5
  
  5b5e120a4cf6fd359750b10a3afe5dd1
- SHA1
  
  d54e0bb8305f468797fd03f22d64edef03fd65f3
- SHA256
  
  9fb70c001307ee5f60eff1a9d9f5903ef909ddde5526cbe85a143d2fa6f51015
- SHA512
  
  a4e87629cb12aec6b7d280877210c241e5d9c129b099473ad3c54f2ba0ef6686d940ce8ffb9d65d2b5980e4a2441c87511d61b8fa600f63c26146b0739c6eb46
Score

10^/10

metasploit backdoor trojan upx
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Suspicious use of NtCreateProcessExOtherParentProcess
- ServiceHost packer
  Detects ServiceHost packer used for .NET malware
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops startup file
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Suspicious use of NtCreateProcessExOtherParentProcess

ServiceHost packer

Executes dropped EXE

UPX packed file

Drops startup file

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2