Overview

overview

10

Static

static

10

11023b819f...aa.exe

windows7_x64

10

11023b819f...aa.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    11023b819f2ab50a2f84f8733af770df40105f1438d8766da2c1c3cb6f949faa

  • Size

    58KB

  • Sample

    220604-mh7lzafffm

  • MD5

    9329985551d50c0a858d50668f714774

  • SHA1

    b0346c80e1343c9060ad52360fe57ada0860ea9f

  • SHA256

    11023b819f2ab50a2f84f8733af770df40105f1438d8766da2c1c3cb6f949faa

  • SHA512

    30d06dd4badbe5c44829a8b64e772637d852e2d933781f6bf06705186d3e430b994e674746969b36b18e8fcba3bfed8705c3f7ce7cfff61219a0f169a068bf31

Score
10/10
metasploitbackdoorevasionpersistencetrojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • Target

      11023b819f2ab50a2f84f8733af770df40105f1438d8766da2c1c3cb6f949faa

    • Size

      58KB

    • MD5

      9329985551d50c0a858d50668f714774

    • SHA1

      b0346c80e1343c9060ad52360fe57ada0860ea9f

    • SHA256

      11023b819f2ab50a2f84f8733af770df40105f1438d8766da2c1c3cb6f949faa

    • SHA512

      30d06dd4badbe5c44829a8b64e772637d852e2d933781f6bf06705186d3e430b994e674746969b36b18e8fcba3bfed8705c3f7ce7cfff61219a0f169a068bf31

    Score
    10/10
    metasploitbackdoorevasionpersistencetrojan

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

      trojanbackdoormetasploit

    • Modifies firewall policy service

      evasion

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

2
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks