metasploit | d6aea4ff503f9694f046766d48f5dcf61d7ab856a07793e486cb6ec5310a8e84 | Triage

Submit
Reports

Overview

overview

Static

static

d6aea4ff50...84.exe

windows7_x64

d6aea4ff50...84.exe

windows10-2004_x64

Sharing

General

Target

d6aea4ff503f9694f046766d48f5dcf61d7ab856a07793e486cb6ec5310a8e84
Size

204KB
Sample

220615-hyb3saege7
MD5

2a05e4ea6f36aa1c3a5be5c90e4621b0
SHA1

8f3487708f376e0aed5f45ca17343ae4efc57336
SHA256

d6aea4ff503f9694f046766d48f5dcf61d7ab856a07793e486cb6ec5310a8e84
SHA512

1f0e857bf840046b551bc21eac3252b39c2a9ca26551c933b035830b235e3904e51f3f2466988b005fda31f3b4f58e1d5c3938cd758b517b7b15b3c237cd792a

Score

10^/10

metasploit backdoor trojan

Static task

static1

Behavioral task

behavioral1

Sample

d6aea4ff503f9694f046766d48f5dcf61d7ab856a07793e486cb6ec5310a8e84.exe

Resource

win7-20220414-en

metasploit backdoor trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

d6aea4ff503f9694f046766d48f5dcf61d7ab856a07793e486cb6ec5310a8e84.exe

Resource

win10v2004-20220414-en

metasploit backdoor trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  d6aea4ff503f9694f046766d48f5dcf61d7ab856a07793e486cb6ec5310a8e84
- Size
  
  204KB
- MD5
  
  2a05e4ea6f36aa1c3a5be5c90e4621b0
- SHA1
  
  8f3487708f376e0aed5f45ca17343ae4efc57336
- SHA256
  
  d6aea4ff503f9694f046766d48f5dcf61d7ab856a07793e486cb6ec5310a8e84
- SHA512
  
  1f0e857bf840046b551bc21eac3252b39c2a9ca26551c933b035830b235e3904e51f3f2466988b005fda31f3b4f58e1d5c3938cd758b517b7b15b3c237cd792a
Score

10^/10

metasploit backdoor trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

metasploitbackdoortrojan

behavioral2

metasploitbackdoortrojan

© 2018-2024

Terms | Privacy