Overview

overview

10

Static

static

23189cc64c...52.exe

windows7_x64

10

23189cc64c...52.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    23189cc64c0ccd26a4ddd11602b4af76bd2e381a0a28250bf257d8e239c42e52

  • Size

    95KB

  • Sample

    220612-c9fmfsbacl

  • MD5

    c74bb08e57a5cb5535b6348f2272ced9

  • SHA1

    fcf7da57789483170bd787e33175c112c776792c

  • SHA256

    23189cc64c0ccd26a4ddd11602b4af76bd2e381a0a28250bf257d8e239c42e52

  • SHA512

    0f8179c997cff1cd793aa51256e5070f4766722cee166674c40586e976656bfd01305996f44092d7fdede9e2504ca67a3c12e1bbbbbf704ce4758b1106ad90ee

Score
10/10
metasploitbackdoorpersistencetrojanupx

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • Target

      23189cc64c0ccd26a4ddd11602b4af76bd2e381a0a28250bf257d8e239c42e52

    • Size

      95KB

    • MD5

      c74bb08e57a5cb5535b6348f2272ced9

    • SHA1

      fcf7da57789483170bd787e33175c112c776792c

    • SHA256

      23189cc64c0ccd26a4ddd11602b4af76bd2e381a0a28250bf257d8e239c42e52

    • SHA512

      0f8179c997cff1cd793aa51256e5070f4766722cee166674c40586e976656bfd01305996f44092d7fdede9e2504ca67a3c12e1bbbbbf704ce4758b1106ad90ee

    Score
    10/10
    metasploitbackdoorpersistencetrojanupx

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

      trojanbackdoormetasploit

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks