metasploit | 110841b6d0517e77741d0c254f71bd8a3d39d405d5742ee2e2d8ce1536d9103d | Triage

Submit
Reports

Overview

overview

Static

static

110841b6d0...3d.exe

windows7_x64

110841b6d0...3d.exe

windows10-2004_x64

Sharing

General

Target

110841b6d0517e77741d0c254f71bd8a3d39d405d5742ee2e2d8ce1536d9103d
Size

152KB
Sample

220604-l9vwtafbem
MD5

2274dba9c4d0861b407c428a8eb13a07
SHA1

c49a8c69b8e17ddbe3f13f570e43b5887d7e35f7
SHA256

110841b6d0517e77741d0c254f71bd8a3d39d405d5742ee2e2d8ce1536d9103d
SHA512

c6605052245c95ef8fcd5468d4621f050c6dc835765b021ab5b4377278de22bd8149281dd0d9781e9a2a79d779204ed4736d4a146ebe2b740d20afb00a840d9c

Score

10^/10

metasploit backdoor trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

110841b6d0517e77741d0c254f71bd8a3d39d405d5742ee2e2d8ce1536d9103d.exe

Resource

win7-20220414-en

metasploit backdoor trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

110841b6d0517e77741d0c254f71bd8a3d39d405d5742ee2e2d8ce1536d9103d.exe

Resource

win10v2004-20220414-en

metasploit backdoor trojan upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  110841b6d0517e77741d0c254f71bd8a3d39d405d5742ee2e2d8ce1536d9103d
- Size
  
  152KB
- MD5
  
  2274dba9c4d0861b407c428a8eb13a07
- SHA1
  
  c49a8c69b8e17ddbe3f13f570e43b5887d7e35f7
- SHA256
  
  110841b6d0517e77741d0c254f71bd8a3d39d405d5742ee2e2d8ce1536d9103d
- SHA512
  
  c6605052245c95ef8fcd5468d4621f050c6dc835765b021ab5b4377278de22bd8149281dd0d9781e9a2a79d779204ed4736d4a146ebe2b740d20afb00a840d9c
Score

10^/10

metasploit backdoor trojan upx
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

metasploitbackdoortrojanupx

behavioral2

metasploitbackdoortrojanupx

© 2018-2024

Terms | Privacy