Overview

overview

10

Static

static

85f1225074...0c.exe

windows7_x64

10

85f1225074...0c.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    85f12250740d1be768cf62cb174e5bc1b5e4fb986115f4c1fb226c197f4c140c

  • Size

    2.0MB

  • Sample

    220708-vtzdqsbgcl

  • MD5

    907653218f98010e9dd2759ca94a9556

  • SHA1

    bc0e9c860734b67ac3c7cda7a4a174e379fdefa3

  • SHA256

    85f12250740d1be768cf62cb174e5bc1b5e4fb986115f4c1fb226c197f4c140c

  • SHA512

    e9da5d9ad778c61842e8d8255caebd62019257c27f23b7262b3f773d3b870a4c1bfc024e5758397918dad339c8e0ed6bb02ee8aed8294f782931beed4af97814

Score
10/10
metasploitbackdoortrojan

Malware Config

Extracted

Family

metasploit

Version

metasploit_stager

C2

138.68.101.124:4444

Targets

    • Target

      85f12250740d1be768cf62cb174e5bc1b5e4fb986115f4c1fb226c197f4c140c

    • Size

      2.0MB

    • MD5

      907653218f98010e9dd2759ca94a9556

    • SHA1

      bc0e9c860734b67ac3c7cda7a4a174e379fdefa3

    • SHA256

      85f12250740d1be768cf62cb174e5bc1b5e4fb986115f4c1fb226c197f4c140c

    • SHA512

      e9da5d9ad778c61842e8d8255caebd62019257c27f23b7262b3f773d3b870a4c1bfc024e5758397918dad339c8e0ed6bb02ee8aed8294f782931beed4af97814

    Score
    10/10
    metasploitbackdoortrojan

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

      trojanbackdoormetasploit

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks