metasploit | 0e893cdfd9aaffaeaad9f0f119b31cefdbdb9d9a0790791ffa37a370e7a7dbd7 | Triage

Submit
Reports

Overview

overview

Static

static

0e893cdfd9...d7.exe

windows7-x64

1

0e893cdfd9...d7.exe

windows10-2004-x64

Sharing

General

Target

0e893cdfd9aaffaeaad9f0f119b31cefdbdb9d9a0790791ffa37a370e7a7dbd7
Size

170KB
Sample

220919-dh59gadec4
MD5

3e3614d7f5c158939657e985eb4c5315
SHA1

f37d70a2e272241c7f2bcb71e2e6aa7b96aefcd3
SHA256

0e893cdfd9aaffaeaad9f0f119b31cefdbdb9d9a0790791ffa37a370e7a7dbd7
SHA512

29e2447027c31108b735e00785cc281c5b2fd54de85c9e33ec1640f8f14e8e579df07a3f3caa0e2faa600888539ff15fcea70a69b8ae30edef5b9f57da01e045
SSDEEP

3072:j2Rg22PY0+LjJp5/5u6ElqrtCeHrIKWGSjG0rlhc3Ij3JQ/oJishIUOku:sh2PcjJp7kIrtCXRjG0rg4j7zu

Score

10^/10

metasploit backdoor trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

0e893cdfd9aaffaeaad9f0f119b31cefdbdb9d9a0790791ffa37a370e7a7dbd7.exe

Resource

win7-20220901-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

0e893cdfd9aaffaeaad9f0f119b31cefdbdb9d9a0790791ffa37a370e7a7dbd7.exe

Resource

win10v2004-20220901-en

metasploit backdoor trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  0e893cdfd9aaffaeaad9f0f119b31cefdbdb9d9a0790791ffa37a370e7a7dbd7
- Size
  
  170KB
- MD5
  
  3e3614d7f5c158939657e985eb4c5315
- SHA1
  
  f37d70a2e272241c7f2bcb71e2e6aa7b96aefcd3
- SHA256
  
  0e893cdfd9aaffaeaad9f0f119b31cefdbdb9d9a0790791ffa37a370e7a7dbd7
- SHA512
  
  29e2447027c31108b735e00785cc281c5b2fd54de85c9e33ec1640f8f14e8e579df07a3f3caa0e2faa600888539ff15fcea70a69b8ae30edef5b9f57da01e045
- SSDEEP
  
  3072:j2Rg22PY0+LjJp5/5u6ElqrtCeHrIKWGSjG0rlhc3Ij3JQ/oJishIUOku:sh2PcjJp7kIrtCXRjG0rg4j7zu
Score

10^/10

metasploit backdoor trojan upx
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

metasploitbackdoortrojanupx

© 2018-2024

Terms | Privacy