Overview

overview

10

Static

static

fb6e630be6...36.exe

windows7_x64

3

fb6e630be6...36.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fb6e630be6338a0eddec9b6c000ae5e874f7e465b1d7385923939da803b17036

  • Size

    84KB

  • Sample

    220520-dsr5lafca8

  • MD5

    c5ad0421f91222c171c271f87c6061f5

  • SHA1

    519587e403dafb85f33f8490f64d6d6e6d035bb2

  • SHA256

    fb6e630be6338a0eddec9b6c000ae5e874f7e465b1d7385923939da803b17036

  • SHA512

    6e4bb50c2107965b2e0ab6defd7b78e808c1bf1a3b999f868c98e1ee20ca9c29687aa398b38a3ab37051dc1f570e995e7654208ad7cfe0e2af8d882e998f1010

Score
10/10
metasploitbackdoortrojan

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_http

C2

http://167.99.73.143:443/bgZP3X5UOnyPy47K0TMZLgqHarw2HV1Mi8x3WHXvunSTGmXe_NTMPb6-DnzwTFdUgSBn2UFjaet13vLREqp_PvHS3znEqaZOh2BARrqe2tSeR0-EYqUTqWgHFcPuDMO3EdNL-c5Ey5yRS4lHCzs9ZXyItJfYWMVNTvb51gjivgbGhj-Ew8gltksOVljKht7u

Targets

    • Target

      fb6e630be6338a0eddec9b6c000ae5e874f7e465b1d7385923939da803b17036

    • Size

      84KB

    • MD5

      c5ad0421f91222c171c271f87c6061f5

    • SHA1

      519587e403dafb85f33f8490f64d6d6e6d035bb2

    • SHA256

      fb6e630be6338a0eddec9b6c000ae5e874f7e465b1d7385923939da803b17036

    • SHA512

      6e4bb50c2107965b2e0ab6defd7b78e808c1bf1a3b999f868c98e1ee20ca9c29687aa398b38a3ab37051dc1f570e995e7654208ad7cfe0e2af8d882e998f1010

    Score
    10/10
    metasploitbackdoortrojan

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

      trojanbackdoormetasploit

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks