metasploit | 2a798ce30425b601aadbe3f720b9e33707b7daa135bf23041e3deddcd3f6177e | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

2a798ce304...7e.exe

windows7-x64

2a798ce304...7e.exe

windows10-2004-x64

Sharing

General

Target

2a798ce30425b601aadbe3f720b9e33707b7daa135bf23041e3deddcd3f6177e
Size

115KB
Sample

221010-3aqw9adfd4
MD5

535373661a6c5ac8b76c0bb8ba6f8547
SHA1

bf6bfb2bec3087992ce39a03e82bb5e2f3d1275b
SHA256

2a798ce30425b601aadbe3f720b9e33707b7daa135bf23041e3deddcd3f6177e
SHA512

a3eca1b13711ab0de7f22ab0d933811dfd0f9f4f8947fa992c26ef74153e74a871192adfcc1d6692bf30e6685b9189990232a10daa5bfbc4a7ca59a69f7f7b6b
SSDEEP

3072:yf8wNOO5/bHoUYmxF44UkbZEvoA7HjeG6PDkX:yn5dn4rkWgCHje97

Score

10^/10

metasploit backdoor evasion trojan

Static task

static1

Behavioral task

behavioral1

Sample

2a798ce30425b601aadbe3f720b9e33707b7daa135bf23041e3deddcd3f6177e.exe

Resource

win7-20220812-en

metasploit backdoor evasion trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

2a798ce30425b601aadbe3f720b9e33707b7daa135bf23041e3deddcd3f6177e.exe

Resource

win10v2004-20220812-en

metasploit backdoor evasion trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  2a798ce30425b601aadbe3f720b9e33707b7daa135bf23041e3deddcd3f6177e
- Size
  
  115KB
- MD5
  
  535373661a6c5ac8b76c0bb8ba6f8547
- SHA1
  
  bf6bfb2bec3087992ce39a03e82bb5e2f3d1275b
- SHA256
  
  2a798ce30425b601aadbe3f720b9e33707b7daa135bf23041e3deddcd3f6177e
- SHA512
  
  a3eca1b13711ab0de7f22ab0d933811dfd0f9f4f8947fa992c26ef74153e74a871192adfcc1d6692bf30e6685b9189990232a10daa5bfbc4a7ca59a69f7f7b6b
- SSDEEP
  
  3072:yf8wNOO5/bHoUYmxF44UkbZEvoA7HjeG6PDkX:yn5dn4rkWgCHje97
Score

10^/10

metasploit backdoor evasion trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Modifies firewall policy service
  evasion
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoorevasiontrojan

behavioral2

metasploitbackdoorevasiontrojan

© 2018-2025

Terms | Privacy