Overview

overview

10

Static

static

paste-batt...ba.vbs

windows7_x64

10

paste-batt...ba.vbs

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    paste-battar-2020-12-30.vba

  • Size

    7KB

  • Sample

    201231-v5e4r3mj26

  • MD5

    2d279b1ff24694aedac0940f3e297a71

  • SHA1

    983522f60204a435e0b05ee93608303c177a296d

  • SHA256

    ed7953e4573f862ce1ff418416e392670944a7d1f25ce25b2164c903470b6daf

  • SHA512

    3948feaefed27971edf6d8f725a867b6975f54e9f9e183dfa8f61482303a300cb7910a920cf98ee5e7b65ef4e302f6da4b39d9a9a69cfd2b9c71af0cd1e9cde3

Score
10/10
metasploitbackdoortrojan

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

192.168.77.130:8080

Targets

    • Target

      paste-battar-2020-12-30.vba

    • Size

      7KB

    • MD5

      2d279b1ff24694aedac0940f3e297a71

    • SHA1

      983522f60204a435e0b05ee93608303c177a296d

    • SHA256

      ed7953e4573f862ce1ff418416e392670944a7d1f25ce25b2164c903470b6daf

    • SHA512

      3948feaefed27971edf6d8f725a867b6975f54e9f9e183dfa8f61482303a300cb7910a920cf98ee5e7b65ef4e302f6da4b39d9a9a69cfd2b9c71af0cd1e9cde3

    Score
    10/10
    metasploitbackdoortrojan

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

      trojanbackdoormetasploit

    • Executes dropped EXE

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks