metasploit | 728d6c34e2f3ae5ab5f2ce4a73dc8231f8ad01fed0ce0c28c58185164a802833 | Triage

Submit
Reports

Overview

overview

Static

static

8

35cb971daa...42.exe

windows7_x64

35cb971daa...42.exe

windows10_x64

Sharing

General

Target

4718076921937920.zip
Size

1.7MB
Sample

210202-zenqcbjlga
MD5

4488d6b01c1825f92ac2e1bfdfb6fd79
SHA1

4ad30952524d95b59bf74a779ff04fab6ed78b45
SHA256

728d6c34e2f3ae5ab5f2ce4a73dc8231f8ad01fed0ce0c28c58185164a802833
SHA512

829ab54501c098a0a20d4f44c339a2fb041004c14d4db50b7aa5a3f017d84a29a0179ae08d8c752e9b122811c0f0aaacb200ecddb878e19663550cc8a4cba081

Score

10^/10

metasploit adware backdoor discovery persistence stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

35cb971daafd368b71ad843a4e0b81c80225ec20d7679cfbf78e628ebcada542.exe

Resource

win7v20201028

metasploit adware backdoor discovery persistence stealer trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

35cb971daafd368b71ad843a4e0b81c80225ec20d7679cfbf78e628ebcada542.exe

Resource

win10v20201028

metasploit adware backdoor persistence stealer trojan upx

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://dazqc4f140wtl.cloudfront.net:80/ZZYO

Targets

- Target
  
  35cb971daafd368b71ad843a4e0b81c80225ec20d7679cfbf78e628ebcada542
- Size
  
  1.7MB
- MD5
  
  6f50e6df7619de17ea9c8ba397d0e674
- SHA1
  
  bc85589185fb3a6a73a404538366e6696b17daab
- SHA256
  
  35cb971daafd368b71ad843a4e0b81c80225ec20d7679cfbf78e628ebcada542
- SHA512
  
  2e2a0b51d13aaf8fdeeb7518dc9b4cdae4241ea7ae1ae4a4c21cd5f0da8adc07777227abb8412dfdbd7392bdb7e8c0e6fb10600bfff4662905ed1e6de18d6da4
Score

10^/10

metasploit adware backdoor discovery persistence stealer trojan upx
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Sets DLL path for service in the registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- JavaScript code in executable
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Browser Extensions

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

metasploitadwarebackdoordiscoverypersistencestealertrojanupx

behavioral2

metasploitadwarebackdoorpersistencestealertrojanupx

© 2018-2024

Terms | Privacy