Overview

overview

10

Static

static

b708a5985e...44.exe

windows7-x64

10

b708a5985e...44.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b708a5985eb5315a18bada34e80304fdc33f2a13640e650ee4bc651451f77544

  • Size

    304KB

  • Sample

    221203-azksbaab57

  • MD5

    835d904ac7ea20217958ddbeaa87b7c9

  • SHA1

    b9af85cc71b37a3e4e32f086b566d7cc1357dd71

  • SHA256

    b708a5985eb5315a18bada34e80304fdc33f2a13640e650ee4bc651451f77544

  • SHA512

    8d694798062e1ca55d056dc4e8a31a25fa367330e24f2957d218f0779c3d62d0bf294f654aa9897209945f8a4043eea6da9fbcbaa8a5352e39199d1b9c28124f

  • SSDEEP

    6144:dMIasDkaLPlgnMDHr96BjnLi7k2kqD5XJH8pVaQKH:tPl5gnLx2kqxF8y

Score
10/10
metasploitbackdoorbootkitpersistencetrojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • Target

      b708a5985eb5315a18bada34e80304fdc33f2a13640e650ee4bc651451f77544

    • Size

      304KB

    • MD5

      835d904ac7ea20217958ddbeaa87b7c9

    • SHA1

      b9af85cc71b37a3e4e32f086b566d7cc1357dd71

    • SHA256

      b708a5985eb5315a18bada34e80304fdc33f2a13640e650ee4bc651451f77544

    • SHA512

      8d694798062e1ca55d056dc4e8a31a25fa367330e24f2957d218f0779c3d62d0bf294f654aa9897209945f8a4043eea6da9fbcbaa8a5352e39199d1b9c28124f

    • SSDEEP

      6144:dMIasDkaLPlgnMDHr96BjnLi7k2kqD5XJH8pVaQKH:tPl5gnLx2kqxF8y

    Score
    10/10
    metasploitbackdoorbootkitpersistencetrojan

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

      trojanbackdoormetasploit

    • Adds policy Run key to start application

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2
T1060

Bootkit

1
T1067

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks