Overview

overview

10

Static

static

b5fe9af692...c6.exe

windows7-x64

10

b5fe9af692...c6.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b5fe9af692205ebc867859f7006712b34b5c4532e0895841c66d0aebb88cffc6

  • Size

    235KB

  • Sample

    220718-hmg5naabc4

  • MD5

    1f7f6928534ff002dbe843380d619e45

  • SHA1

    5712a3cd5c72e2cfb648135a97850637ac9c4681

  • SHA256

    b5fe9af692205ebc867859f7006712b34b5c4532e0895841c66d0aebb88cffc6

  • SHA512

    8ec6d3bd9d30f9b659bcf22d23e6985e5e88b7ef5b719f7e23250a18b267218bc0b62d5cf07b057fe5f3105228313385d33b3a63d75107ec44d7f519caf9a3b9

Score
10/10
metasploitbackdoortrojan

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

10.30.4.18:5555

Targets

    • Target

      b5fe9af692205ebc867859f7006712b34b5c4532e0895841c66d0aebb88cffc6

    • Size

      235KB

    • MD5

      1f7f6928534ff002dbe843380d619e45

    • SHA1

      5712a3cd5c72e2cfb648135a97850637ac9c4681

    • SHA256

      b5fe9af692205ebc867859f7006712b34b5c4532e0895841c66d0aebb88cffc6

    • SHA512

      8ec6d3bd9d30f9b659bcf22d23e6985e5e88b7ef5b719f7e23250a18b267218bc0b62d5cf07b057fe5f3105228313385d33b3a63d75107ec44d7f519caf9a3b9

    Score
    10/10
    metasploitbackdoortrojan

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

      trojanbackdoormetasploit

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks