Overview

overview

10

Static

static

fdcf081b88...20.exe

windows7-x64

10

fdcf081b88...20.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fdcf081b885009ff6ae21587989410a0c861f9f2e7acd2e11a544ccc2d899020

  • Size

    227KB

  • Sample

    221203-bh8cqabg99

  • MD5

    1926d5d9eb5e4354f18083916de108f0

  • SHA1

    f54ca406b5d189b19bdd2124c71660b921945cdb

  • SHA256

    fdcf081b885009ff6ae21587989410a0c861f9f2e7acd2e11a544ccc2d899020

  • SHA512

    32a58a5d68ac70f719f4fb86ed198171ae70c0f34e3d5b623722de7e407ed66caf2d19d37deb3d1590063f5bb1ae2911e4226739f0a33f9e5714479c8e7e3ae5

  • SSDEEP

    3072:mq6zDsoY9iUeCRvRpR5RhD/HzkfVtLrNFSDg6w3x5VdO3huCFOnYit8aQ:mqKC9X/L/cVtLxthdGhvOf

Score
10/10
metasploitbackdoorevasionpersistencetrojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • Target

      fdcf081b885009ff6ae21587989410a0c861f9f2e7acd2e11a544ccc2d899020

    • Size

      227KB

    • MD5

      1926d5d9eb5e4354f18083916de108f0

    • SHA1

      f54ca406b5d189b19bdd2124c71660b921945cdb

    • SHA256

      fdcf081b885009ff6ae21587989410a0c861f9f2e7acd2e11a544ccc2d899020

    • SHA512

      32a58a5d68ac70f719f4fb86ed198171ae70c0f34e3d5b623722de7e407ed66caf2d19d37deb3d1590063f5bb1ae2911e4226739f0a33f9e5714479c8e7e3ae5

    • SSDEEP

      3072:mq6zDsoY9iUeCRvRpR5RhD/HzkfVtLrNFSDg6w3x5VdO3huCFOnYit8aQ:mqKC9X/L/cVtLxthdGhvOf

    Score
    10/10
    metasploitbackdoorevasionpersistencetrojan

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

      trojanbackdoormetasploit

    • Modifies firewall policy service

      evasion

    • Adds policy Run key to start application

      persistence

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

2
T1060

Privilege Escalation

Defense Evasion

Modify Registry

4
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks