Overview

overview

10

Static

static

10

file4.pdf

windows10-2004-x64

1

form.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file4

  • Size

    59KB

  • Sample

    230327-cf5pgsdb6v

  • MD5

    230fab4c9e790e7a90f4dc84aed883ab

  • SHA1

    fad657b8c75d7c537688dddd4b4f82ae8d3a6780

  • SHA256

    01173fb031804f3b019ba2e8d8142eb41e41100d8363cbca3871ca4db098a0d2

  • SHA512

    e1bbbd99c086e2c931a31fc86420ccd698b607a6536f4e735fb33fa26a02e18a0365a3b074493625d87696de29d790dcacd3a3e0c51f88de6eb7676e5deab25b

  • SSDEEP

    1536:TLcUj5ut5KzMy8+vFJzWZw4hLcXhdaWHsBtfM:TQUF9d8++pUhdaoCM

Score
10/10
metasploitbackdoortrojan

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

45.0.45.0:80

Targets

    • Target

      file4

    • Size

      59KB

    • MD5

      230fab4c9e790e7a90f4dc84aed883ab

    • SHA1

      fad657b8c75d7c537688dddd4b4f82ae8d3a6780

    • SHA256

      01173fb031804f3b019ba2e8d8142eb41e41100d8363cbca3871ca4db098a0d2

    • SHA512

      e1bbbd99c086e2c931a31fc86420ccd698b607a6536f4e735fb33fa26a02e18a0365a3b074493625d87696de29d790dcacd3a3e0c51f88de6eb7676e5deab25b

    • SSDEEP

      1536:TLcUj5ut5KzMy8+vFJzWZw4hLcXhdaWHsBtfM:TQUF9d8++pUhdaoCM

    Score
    1/10
    behavioral1

    • Target

      form.pdf

    • Size

      72KB

    • MD5

      3eeac8ee99babf6f47aaaee8e74234f9

    • SHA1

      b57202149970296200a4b74f8236f3bb71ac27e3

    • SHA256

      2398ad0d7889937860f69609419370223f06930f73638a36afe67659b3af3e66

    • SHA512

      5e55c74574d264a5417809fff49ed9a9b1a670c234afe6c22393dbafa9bfdb1c204a686982a5e0e4026dcf2d9881413c13a7b8dd31477b77e865ac2fa2a87bc0

    • SSDEEP

      1536:Iwxutgnj27jNKJTPR/iz3SzK/jqNMb+KR0Nc8QsJq39:34i2nNKVPIrWK/jqNe0Nc8QsC9

    Score
    10/10
    metasploitbackdoortrojan

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

      trojanbackdoormetasploit
    behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks