metasploit | f6aef9e69682375816e23b0191acb1cd2952d73b7661c920f80fd425f7849068 | Triage

Submit
Reports

Overview

overview

Static

static

evil.msi

windows7-x64

evil.msi

windows10-2004-x64

Sharing

General

Target

evil.msi
Size

156KB
Sample

230415-vsp4nseh59
MD5

1903ff06ec34d96120e24db16c6ef65b
SHA1

890189b37281bba028b683aa839c0af24510f21c
SHA256

f6aef9e69682375816e23b0191acb1cd2952d73b7661c920f80fd425f7849068
SHA512

af38753be6d53445aa77dc1f155d41aa918e9602beee79b45df64ac3838bc2be045c32bf461c971f8d60f228c381d318f2da48cc26308501715d8e367c0087d1
SSDEEP

1536:Ek7KoRO8LBNqER3qyREuPwjwXp5PUR2n0wMb+KR0Nc8QsJq3UDj0D:v7Kx8Lr3qiTPwjGjUsDe0Nc8QsC

Score

10^/10

metasploit backdoor trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

evil.msi

Resource

win7-20230220-en

metasploit backdoor trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

evil.msi

Resource

win10v2004-20230220-en

metasploit backdoor trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

windows/exec

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://207.148.94.149:8000/shell.ps1

Targets

- Target
  
  evil.msi
- Size
  
  156KB
- MD5
  
  1903ff06ec34d96120e24db16c6ef65b
- SHA1
  
  890189b37281bba028b683aa839c0af24510f21c
- SHA256
  
  f6aef9e69682375816e23b0191acb1cd2952d73b7661c920f80fd425f7849068
- SHA512
  
  af38753be6d53445aa77dc1f155d41aa918e9602beee79b45df64ac3838bc2be045c32bf461c971f8d60f228c381d318f2da48cc26308501715d8e367c0087d1
- SSDEEP
  
  1536:Ek7KoRO8LBNqER3qyREuPwjwXp5PUR2n0wMb+KR0Nc8QsJq3UDj0D:v7Kx8Lr3qiTPwjGjUsDe0Nc8QsC
Score

10^/10

metasploit backdoor trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Blocklisted process makes network request
- Executes dropped EXE
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoortrojan

behavioral2

metasploitbackdoortrojan

© 2018-2025

Terms | Privacy