Overview

overview

10

Static

static

1

URLScan

urlscan

https://mega.nz/file...

windows10-2004-x64

10

Resubmissions

23/09/2023, 14:56

230923-sa9z1sgf6v 10

22/09/2023, 16:04

230922-thw9kaba83 10

22/09/2023, 16:01

230922-tf9f4shb2y 10

Sharing

Copy URL Twitter E-mail

General

  • Target

    https://mega.nz/file/I10QUThQ#Anbkjc-YrdZPf7fecurNRZcgElIZtB6RdAWa5zR-ecc4

  • Sample

    230922-tf9f4shb2y

Score
10/10
metasploitbackdoorevasiontrojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

172.94.88.173:5500

Targets

    • Target

      https://mega.nz/file/I10QUThQ#Anbkjc-YrdZPf7fecurNRZcgElIZtB6RdAWa5zR-ecc4

    Score
    10/10
    metasploitbackdoorevasiontrojan

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

      trojanbackdoormetasploit

    • UAC bypass

      evasiontrojan

    • Windows security bypass

      evasiontrojan

    • Nirsoft

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks