metasploit | c9d263a51b77be5af25bbf4f9caa01e81ddb965ebb369df4fa704d4a059affd9 | Triage

Submit
Reports

Overview

overview

Static

static

c9d263a51b...d9.exe

windows7-x64

c9d263a51b...d9.exe

windows10-2004-x64

Sharing

General

Target

c9d263a51b77be5af25bbf4f9caa01e81ddb965ebb369df4fa704d4a059affd9
Size

285KB
Sample

221130-1c1hcsbb3x
MD5

2dfc663706536acc450cc1d76f6eaa93
SHA1

c40cd530b455d93347e7eb1862c201d8a1c22720
SHA256

c9d263a51b77be5af25bbf4f9caa01e81ddb965ebb369df4fa704d4a059affd9
SHA512

b1675eae1301c14bfc47a8b46b5b4c2124475697ba6f214ad2134f4b05080a38ebd82310949d8a3f7a7ebec39a5a2ec7dd541a7685e89103382861bf182b0e77
SSDEEP

6144:dbkd8IlEOt3VKpSu7STQOPX8NANAqQvt595FA1ZO:Od8ICOt3cpv7Z5NASqQvt0O

Score

10^/10

metasploit backdoor evasion persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

c9d263a51b77be5af25bbf4f9caa01e81ddb965ebb369df4fa704d4a059affd9.exe

Resource

win7-20220812-en

metasploit backdoor evasion persistence trojan upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

c9d263a51b77be5af25bbf4f9caa01e81ddb965ebb369df4fa704d4a059affd9.exe

Resource

win10v2004-20220901-en

metasploit backdoor evasion persistence trojan upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  c9d263a51b77be5af25bbf4f9caa01e81ddb965ebb369df4fa704d4a059affd9
- Size
  
  285KB
- MD5
  
  2dfc663706536acc450cc1d76f6eaa93
- SHA1
  
  c40cd530b455d93347e7eb1862c201d8a1c22720
- SHA256
  
  c9d263a51b77be5af25bbf4f9caa01e81ddb965ebb369df4fa704d4a059affd9
- SHA512
  
  b1675eae1301c14bfc47a8b46b5b4c2124475697ba6f214ad2134f4b05080a38ebd82310949d8a3f7a7ebec39a5a2ec7dd541a7685e89103382861bf182b0e77
- SSDEEP
  
  6144:dbkd8IlEOt3VKpSu7STQOPX8NANAqQvt595FA1ZO:Od8ICOt3cpv7Z5NASqQvt0O
Score

10^/10

metasploit backdoor evasion persistence trojan upx
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

metasploitbackdoorevasionpersistencetrojanupx

behavioral2

metasploitbackdoorevasionpersistencetrojanupx

© 2018-2024

Terms | Privacy