Overview

overview

10

Static

static

10

msword.dll

windows7-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    msword.dll

  • Size

    8KB

  • Sample

    220721-xzrl7aaael

  • MD5

    9c4ca241b15fd2e220d96eb3886b0083

  • SHA1

    6547058a524b3a6cc8fff2eca9fca565a6f1575e

  • SHA256

    800d9f3d161f9ee7b11f7e32694ce01d74b7380849fe09ab2c6387a356ae3bd1

  • SHA512

    fe1305b8ed517612e28a824daaf2f35fe00a022a2c1aae05a19187a587d63171feabb931df9f4a2a90706afecf24398426a10701f23e7faf22f7e8ff3537a89e

Score
10/10
metasploitbackdoortrojan

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

metasploit_stager

C2

183.191.40.147:16406

Targets

    • Target

      msword.dll

    • Size

      8KB

    • MD5

      9c4ca241b15fd2e220d96eb3886b0083

    • SHA1

      6547058a524b3a6cc8fff2eca9fca565a6f1575e

    • SHA256

      800d9f3d161f9ee7b11f7e32694ce01d74b7380849fe09ab2c6387a356ae3bd1

    • SHA512

      fe1305b8ed517612e28a824daaf2f35fe00a022a2c1aae05a19187a587d63171feabb931df9f4a2a90706afecf24398426a10701f23e7faf22f7e8ff3537a89e

    Score
    10/10
    metasploitbackdoortrojan

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

      trojanbackdoormetasploit

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix

Tasks