Overview

overview

10

Static

static

8

78f1c99154...71.exe

windows7_x64

10

78f1c99154...71.exe

windows10_x64

10

Resubmissions

30-08-2021 10:50

210830-bw922mm9ha 10

25-07-2021 06:19

210725-wgdbbyc276 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    78f1c99154816317fae2c68f6310ae71.exe

  • Size

    28KB

  • Sample

    210725-wgdbbyc276

  • MD5

    78f1c99154816317fae2c68f6310ae71

  • SHA1

    a91ff3bd6339cc48712571ee539c974024236033

  • SHA256

    5dc5d009a19088a3c39c66eb561c7444eaebf1b46ff2982ece0b4352ba769fa2

  • SHA512

    f13c4ff6bb1402acc9d9020c17d9dc7ac74bc49d85a4783368487cfea9fb4f49f79bccfd46ecbc2496305fe03e93ee19f70a6863877ba207b5a25321ac89b65d

Score
10/10
metasploitbackdoortrojanupx

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://5.189.184.60:443/components/massaction.ico

Targets

    • Target

      78f1c99154816317fae2c68f6310ae71.exe

    • Size

      28KB

    • MD5

      78f1c99154816317fae2c68f6310ae71

    • SHA1

      a91ff3bd6339cc48712571ee539c974024236033

    • SHA256

      5dc5d009a19088a3c39c66eb561c7444eaebf1b46ff2982ece0b4352ba769fa2

    • SHA512

      f13c4ff6bb1402acc9d9020c17d9dc7ac74bc49d85a4783368487cfea9fb4f49f79bccfd46ecbc2496305fe03e93ee19f70a6863877ba207b5a25321ac89b65d

    Score
    10/10
    metasploitbackdoortrojan

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

      trojanbackdoormetasploit

    • Suspicious use of NtCreateProcessExOtherParentProcess

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks