metasploit | 139cdb6becf2a2fa239d1f35acfc2db3f913afa6591b87d44b5e9d9b531dfa86 | Triage

Submit
Reports

Overview

overview

Static

static

1

12493ec6b5...ba.exe

windows7-x64

12493ec6b5...ba.exe

windows10-2004-x64

9e7d06f01a...47.exe

windows7-x64

9e7d06f01a...47.exe

windows10-2004-x64

c5b25a24f7...om.exe

windows7-x64

1

c5b25a24f7...om.exe

windows10-2004-x64

1

ce8bface0c...aa.exe

windows7-x64

ce8bface0c...aa.exe

windows10-2004-x64

Analysis

max time kernel
90s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
24-03-2023 12:02

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

12493ec6b59188a080961436130f4cba.exe

Resource

win7-20230220-en

cobaltstrike metasploit 100000000 backdoor trojan

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

12493ec6b59188a080961436130f4cba.exe

Resource

win10v2004-20230221-en

metasploit backdoor trojan

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral3

Sample

9e7d06f01a6535531b6e098f6dd3eb47.exe

Resource

win7-20230220-en

cobaltstrike 391144938 backdoor trojan

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral4

Sample

9e7d06f01a6535531b6e098f6dd3eb47.exe

Resource

win10v2004-20230220-en

cobaltstrike 391144938 backdoor trojan

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral5

Sample

c5b25a24f7112f1ee9300986004c45d9.com.exe

Resource

win7-20230220-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral6

Sample

c5b25a24f7112f1ee9300986004c45d9.com.exe

Resource

win10v2004-20230221-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral7

Sample

ce8bface0c9e56ab96d4bc06b76083aa.exe

Resource

win7-20230220-en

cobaltstrike backdoor trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral8

Sample

ce8bface0c9e56ab96d4bc06b76083aa.exe

Resource

win10v2004-20230220-en

cobaltstrike backdoor trojan

windows10-2004-x64

11 signatures

150 seconds

Report Analysis Logs

General

Target

12493ec6b59188a080961436130f4cba.exe
Size

250KB
MD5

12493ec6b59188a080961436130f4cba
SHA1

019c2e8f059291c9f9dc2958f8e1815b36e5e0ea
SHA256

9bfc115e306fd5de28d6392cb4303a9ee41890d6bb27da00d41e7b335eb0b72e
SHA512

0a270a9b7b3ee2004e6b3560e121047d93b3a8522b25591e2364abce65c4ef7afbdf8a9754220c04af63bafc2d4099ecb1e5f6293c27918b1944d06285316cfd
SSDEEP

3072:ac+uy5u8vGRlIqw+Xs8GBccgOrc57aOJqq5DYejipqi1fffffffffffffffffffh:ahXxv8le+rAF6st1fv

Score

10^/10

metasploit backdoor trojan

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://183.60.219.35:80/vue.min.js

Attributes

headers User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/5.0) Host: 360update.360.cn

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

Processes

C:\Users\Admin\AppData\Local\Temp\12493ec6b59188a080961436130f4cba.exe
"C:\Users\Admin\AppData\Local\Temp\12493ec6b59188a080961436130f4cba.exe"
1⤵
PID:2876

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2876-133-0x00000000021D0000-0x00000000021D1000-memory.dmp

Filesize
4KB

Download

© 2018-2024

Terms | Privacy