metasploit | 5f4740ee065cca602b02be671fb078b63bb5fe2f733614c7207a87ab9b9454dd

Resubmissions

12-06-2023 09:02

230612-kzeleabb49 10

12-06-2023 06:10

230612-gw5rmsbe2y 10

20-05-2023 14:49

230520-r617bafd9z 10

Analysis

max time kernel
135s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
12-06-2023 09:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

083RonAJ.exe
Size

111KB
MD5

134e05f0159d914ee1f30b3f9dc298d4
SHA1

1561822fcda828ec63771214ec23b1061bc2927e
SHA256

5f4740ee065cca602b02be671fb078b63bb5fe2f733614c7207a87ab9b9454dd
SHA512

ec966e02c939db56eca91c7704102976482b90a87027f39439dbc3a68665369ad51e369ad42963e1b50d1de2844712d0aeea68e67c98fedeb4508bc7ba6660db
SSDEEP

1536:eQb/9bthAZXzj9bfP/EzR3PE4CzzCWqycBm19T7qLLLGUy2NKeq4:F/PhWXxmE4CFt0bQm

Score

10^/10

metasploit backdoor trojan

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_http

http://193.117.208.109:7400/LdweF_tC2dcJ6wjqbbUjDwvj2IvXh_OxfjdXC5GTU3oF3Q9H8RfN_Ac-t3zkW1e4kmghRWkvztCs5iY0Cgqdbq34cAUae07AeZFTp9_XPl1tPbdhG-YuQeIpiUH3Alx8wROnYmo9NzFLgbgKCtO4_7b9Yf0xzx_CvX0Yiz0xPM26TajJs8zAwECUhfA4bhudegiG_3kNtDuHztt

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

C:\Users\Admin\AppData\Local\Temp\083RonAJ.exe
"C:\Users\Admin\AppData\Local\Temp\083RonAJ.exe"
1⤵
PID:4616

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4616-133-0x0000000000CF0000-0x0000000000CF1000-memory.dmp

Filesize
4KB

Download
memory/4616-134-0x0000000000FD0000-0x0000000000FEF000-memory.dmp

Filesize
124KB

Download
memory/4616-142-0x0000000000FD0000-0x0000000000FEF000-memory.dmp

Filesize
124KB

Download