Overview

overview

10

Static

static

8

invoice-02...22.xls

windows7_x64

10

invoice-02...22.xls

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    invoice-02-01-2022.zip

  • Size

    27KB

  • Sample

    220523-r8vsbaecd7

  • MD5

    0816703c1b37d2cdc0d99dc9380030c3

  • SHA1

    b437d95bd0b39073065f62422fe3e64466aecb5e

  • SHA256

    d91a7c741f9ab4ef681cb4924bb04453494c5a39762501258dabf202b8ec0f0a

  • SHA512

    f40d8ce12574e331f4dd34da3a9b88aa508bd5e84f3c7eefb93d1d0842b7f2785a2c7d561470558076e472cbb1855f90e8f1bdc72b82a4d208cb65a0b663787d

Score
10/10
metasploitbackdoormacromacro_on_actiontrojan

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://shinyobjects.birds:80/metal.exe

Targets

    • Target

      invoice-02-01-2022.xls

    • Size

      51KB

    • MD5

      04a6bacaf107ae57c0dad8e133997418

    • SHA1

      9b3f379764d2501fc91164ecc67c5bbccad5d0ed

    • SHA256

      a3f128976fb477883db4f7ecc2aae05e61e2de224ad584454022aced8f8f5ca5

    • SHA512

      c1d90054931c457ae263746f26b3bcf2883d813c177078574aced6e49d197cb1794e5fb47e532dd2aca1646ac0d17baca10c59e42a59b04cc172ef2285d84d6c

    Score
    10/10
    metasploitbackdoortrojan

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

      trojanbackdoormetasploit

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks