metasploit | 42cdba240e4c203c6f7da392866211f5ff069f9b9a04497d79889560aacba10e | Triage

Submit
Reports

Overview

overview

Static

static

8

42cdba240e...0e.exe

windows7-x64

42cdba240e...0e.exe

windows10-2004-x64

Sharing

General

Target

42cdba240e4c203c6f7da392866211f5ff069f9b9a04497d79889560aacba10e
Size

5.1MB
Sample

220829-e8dgtabeck
MD5

7d40d6c7a64f2f70d0056011b5171894
SHA1

5a648bf75eefe40144d94d225e68bd97e7852de2
SHA256

42cdba240e4c203c6f7da392866211f5ff069f9b9a04497d79889560aacba10e
SHA512

3d4e8125637eb494757d24260c66eb07f67a95dcec1a2992a093be268da22f62bacc956610d183634bd3449f12a101e122ee660a44e98d909586429b1b1e5071
SSDEEP

98304:LpZJ27oEqTbDTzuSP+VWuONh9uhqeLJRo8OiqPP0u3FuPNM2UzlzU9V2MwZX8CMe:J27oEqrTwVWuwEhNEZpX0u30PpUzlzwm

Score

10^/10

metasploit backdoor trojan vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

42cdba240e4c203c6f7da392866211f5ff069f9b9a04497d79889560aacba10e.exe

Resource

win7-20220812-en

metasploit backdoor trojan vmprotect

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

42cdba240e4c203c6f7da392866211f5ff069f9b9a04497d79889560aacba10e.exe

Resource

win10v2004-20220812-en

metasploit backdoor trojan vmprotect

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

192.168.9.142:4444

Targets

- Target
  
  42cdba240e4c203c6f7da392866211f5ff069f9b9a04497d79889560aacba10e
- Size
  
  5.1MB
- MD5
  
  7d40d6c7a64f2f70d0056011b5171894
- SHA1
  
  5a648bf75eefe40144d94d225e68bd97e7852de2
- SHA256
  
  42cdba240e4c203c6f7da392866211f5ff069f9b9a04497d79889560aacba10e
- SHA512
  
  3d4e8125637eb494757d24260c66eb07f67a95dcec1a2992a093be268da22f62bacc956610d183634bd3449f12a101e122ee660a44e98d909586429b1b1e5071
- SSDEEP
  
  98304:LpZJ27oEqTbDTzuSP+VWuONh9uhqeLJRo8OiqPP0u3FuPNM2UzlzU9V2MwZX8CMe:J27oEqrTwVWuwEhNEZpX0u30PpUzlzwm
Score

10^/10

metasploit backdoor trojan vmprotect
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

metasploitbackdoortrojanvmprotect

behavioral2

metasploitbackdoortrojanvmprotect

© 2018-2024

Terms | Privacy