Overview

overview

10

Static

static

10

6d0aece3_b...is.msi

windows7_x64

10

6d0aece3_b...is.msi

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6d0aece3_by_Libranalysis

  • Size

    156KB

  • Sample

    210509-91h1c14mmj

  • MD5

    6d0aece3c6c497e5c95f5211391eeb5a

  • SHA1

    27fe022501362ce3d8aad3d8d0ecf0b869580ba0

  • SHA256

    9dc9fec6cfd0f7e565d2bcc58cc487f720d1b25bb650cb34431372d89c515fb5

  • SHA512

    59e6e29a37d37e54ac1c75820f35fa5a4c0fccbe6a7962addd6e929bcd75e8e8465a5c6b59f28b22d14e54a76bc619440bbc5374265072b2bf9145cf100eb7f0

Score
10/10
metasploitbackdoormacrotrojanxlm

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

3.22.53.161:10939

Targets

    • Target

      6d0aece3_by_Libranalysis

    • Size

      156KB

    • MD5

      6d0aece3c6c497e5c95f5211391eeb5a

    • SHA1

      27fe022501362ce3d8aad3d8d0ecf0b869580ba0

    • SHA256

      9dc9fec6cfd0f7e565d2bcc58cc487f720d1b25bb650cb34431372d89c515fb5

    • SHA512

      59e6e29a37d37e54ac1c75820f35fa5a4c0fccbe6a7962addd6e929bcd75e8e8465a5c6b59f28b22d14e54a76bc619440bbc5374265072b2bf9145cf100eb7f0

    Score
    10/10
    metasploitbackdoortrojan

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

      trojanbackdoormetasploit

    • Executes dropped EXE

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

2
T1120

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks