metasploit | ca1441615d14117a414448ee303cd1a8a3021980bb8476fcac4e1aa83723d65f | Triage

Submit
Reports

Overview

overview

Static

static

ca1441615d...5f.exe

windows7-x64

ca1441615d...5f.exe

windows10-2004-x64

Sharing

General

Target

ca1441615d14117a414448ee303cd1a8a3021980bb8476fcac4e1aa83723d65f
Size

249KB
Sample

221203-fm1kwsba9y
MD5

1bed964735e9a19f4e1ca09e8a61e60d
SHA1

53105df2de13bf0416d09c88a2c254221e60e9ae
SHA256

ca1441615d14117a414448ee303cd1a8a3021980bb8476fcac4e1aa83723d65f
SHA512

32656feb69915b41289e72bb6608eb4c385d77b62285f4ea9fd09dfd6c5b6a6cc0287174457f43e6227efb9f3f2c7362709b9739927907db03f994f7b6c115ad
SSDEEP

3072:azGbs5CPFpid7aB+PuUoEPnBRUzPkPWv5WKuznt+DxME/+Veo/B6dcLSHaSVLkB9:RbrpkB/nBmFunUm56dqYy

Score

10^/10

metasploit backdoor evasion persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

ca1441615d14117a414448ee303cd1a8a3021980bb8476fcac4e1aa83723d65f.exe

Resource

win7-20221111-en

metasploit backdoor evasion persistence trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

ca1441615d14117a414448ee303cd1a8a3021980bb8476fcac4e1aa83723d65f.exe

Resource

win10v2004-20221111-en

metasploit backdoor evasion persistence trojan upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  ca1441615d14117a414448ee303cd1a8a3021980bb8476fcac4e1aa83723d65f
- Size
  
  249KB
- MD5
  
  1bed964735e9a19f4e1ca09e8a61e60d
- SHA1
  
  53105df2de13bf0416d09c88a2c254221e60e9ae
- SHA256
  
  ca1441615d14117a414448ee303cd1a8a3021980bb8476fcac4e1aa83723d65f
- SHA512
  
  32656feb69915b41289e72bb6608eb4c385d77b62285f4ea9fd09dfd6c5b6a6cc0287174457f43e6227efb9f3f2c7362709b9739927907db03f994f7b6c115ad
- SSDEEP
  
  3072:azGbs5CPFpid7aB+PuUoEPnBRUzPkPWv5WKuznt+DxME/+Veo/B6dcLSHaSVLkB9:RbrpkB/nBmFunUm56dqYy
Score

10^/10

metasploit backdoor evasion persistence trojan upx
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

metasploitbackdoorevasionpersistencetrojanupx

behavioral2

metasploitbackdoorevasionpersistencetrojanupx

© 2018-2024

Terms | Privacy