metasploit | 74f0ba018c00f91d7e3cb8e4d3dc75950be330416052d9ea17ec395c458ece43 | Triage

Submit
Reports

Overview

overview

Static

static

74f0ba018c...43.exe

windows7-x64

74f0ba018c...43.exe

windows10-2004-x64

Sharing

General

Target

74f0ba018c00f91d7e3cb8e4d3dc75950be330416052d9ea17ec395c458ece43
Size

179KB
Sample

221203-bjasvabh22
MD5

e7f36826c44c8fea5ad90ca38f3434ac
SHA1

31cc06746f0a55ea578dc852e4ce32db98802371
SHA256

74f0ba018c00f91d7e3cb8e4d3dc75950be330416052d9ea17ec395c458ece43
SHA512

b1e79a6ff61266c0867c9af0e2d9e1af864562c9de0577d4856b656575df6d5362bcfcb64f7de4590f6882ab8930ed0e4ab8abddf08fc40aaedd9b646b71d52c
SSDEEP

3072:g0Lh0KNHQ80N8m+5/KJKC35nB00LA8De3vtS+x68F+Hcpw:g0L8NDMuDc9+8S+x6+tw

Score

10^/10

metasploit backdoor trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

74f0ba018c00f91d7e3cb8e4d3dc75950be330416052d9ea17ec395c458ece43.exe

Resource

win7-20221111-en

metasploit backdoor trojan upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

74f0ba018c00f91d7e3cb8e4d3dc75950be330416052d9ea17ec395c458ece43.exe

Resource

win10v2004-20220812-en

metasploit backdoor trojan upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  74f0ba018c00f91d7e3cb8e4d3dc75950be330416052d9ea17ec395c458ece43
- Size
  
  179KB
- MD5
  
  e7f36826c44c8fea5ad90ca38f3434ac
- SHA1
  
  31cc06746f0a55ea578dc852e4ce32db98802371
- SHA256
  
  74f0ba018c00f91d7e3cb8e4d3dc75950be330416052d9ea17ec395c458ece43
- SHA512
  
  b1e79a6ff61266c0867c9af0e2d9e1af864562c9de0577d4856b656575df6d5362bcfcb64f7de4590f6882ab8930ed0e4ab8abddf08fc40aaedd9b646b71d52c
- SSDEEP
  
  3072:g0Lh0KNHQ80N8m+5/KJKC35nB00LA8De3vtS+x68F+Hcpw:g0L8NDMuDc9+8S+x6+tw
Score

10^/10

metasploit backdoor trojan upx
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

metasploitbackdoortrojanupx

behavioral2

metasploitbackdoortrojanupx

© 2018-2024

Terms | Privacy