metasploit | d3a5ce6ad491e40495d04c7c715e927d6fd72f3b8101f8c3f8cfc6a1e4d9a043 | Triage

Submit
Reports

Overview

overview

Static

static

8

d3a5ce6ad4...43.exe

windows7-x64

d3a5ce6ad4...43.exe

windows10-2004-x64

Sharing

General

Target

d3a5ce6ad491e40495d04c7c715e927d6fd72f3b8101f8c3f8cfc6a1e4d9a043
Size

347KB
Sample

220919-cs8lxaccg7
MD5

5180d37dfabb7fa22fd7f1a02fc4babb
SHA1

af3037f4c8f0300fa47c71261d70355d3ac66a9a
SHA256

d3a5ce6ad491e40495d04c7c715e927d6fd72f3b8101f8c3f8cfc6a1e4d9a043
SHA512

1c1d9ce8f9fe0b1ddac632e532acbb585fec40adc4fcab554db05b0ce4ad17dd672163d916b45e66b67cf2ad68ec018c2137da27408a328b4c28022df82f1937
SSDEEP

6144:MxLjTaCEbW1gIPp6nlml+19yxKpbj+mYl+eL:MxWBi3E11pbymYlV

Score

10^/10

metasploit backdoor trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d3a5ce6ad491e40495d04c7c715e927d6fd72f3b8101f8c3f8cfc6a1e4d9a043.exe

Resource

win7-20220812-en

metasploit backdoor trojan upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

d3a5ce6ad491e40495d04c7c715e927d6fd72f3b8101f8c3f8cfc6a1e4d9a043.exe

Resource

win10v2004-20220812-en

metasploit backdoor trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  d3a5ce6ad491e40495d04c7c715e927d6fd72f3b8101f8c3f8cfc6a1e4d9a043
- Size
  
  347KB
- MD5
  
  5180d37dfabb7fa22fd7f1a02fc4babb
- SHA1
  
  af3037f4c8f0300fa47c71261d70355d3ac66a9a
- SHA256
  
  d3a5ce6ad491e40495d04c7c715e927d6fd72f3b8101f8c3f8cfc6a1e4d9a043
- SHA512
  
  1c1d9ce8f9fe0b1ddac632e532acbb585fec40adc4fcab554db05b0ce4ad17dd672163d916b45e66b67cf2ad68ec018c2137da27408a328b4c28022df82f1937
- SSDEEP
  
  6144:MxLjTaCEbW1gIPp6nlml+19yxKpbj+mYl+eL:MxWBi3E11pbymYlV
Score

10^/10

metasploit backdoor trojan upx
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

metasploitbackdoortrojanupx

behavioral2

metasploitbackdoortrojanupx

© 2018-2024

Terms | Privacy