metasploit | 3469692e0429097f567c960b9805a205c2b232fedb42fd47c2b0cc3a4f0eb00f | Triage

Submit
Reports

Overview

overview

Static

static

3

02cb022f50...c2.exe

windows7-x64

02cb022f50...c2.exe

windows10-2004-x64

Sharing

General

Target

02cb022f503bbef3b833f920dd8fb6c2
Size

329KB
Sample

231229-y1761aadgn
MD5

02cb022f503bbef3b833f920dd8fb6c2
SHA1

170a1e8bd5505cdd9f4a4f47459af755ddf5de87
SHA256

3469692e0429097f567c960b9805a205c2b232fedb42fd47c2b0cc3a4f0eb00f
SHA512

88819fa7ce289de87255d50706fdcbb45d29c296f8590b2ebd244990c7f768de730f8d3af4c1db5d8eca16f8fc0e05a37c62086625f13a3109828eba5faca0f5
SSDEEP

6144:YRxVstLI005DXHkS5ziFiSw23emcscfL1K/9jumJOh+ulgxHamaZUyRQMJGQgtgw:YRotLIDXEezipjo5K/NZkhpls6CyJG3d

Score

10^/10

metasploit backdoor trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

02cb022f503bbef3b833f920dd8fb6c2.exe

Resource

win7-20231215-en

metasploit backdoor trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

02cb022f503bbef3b833f920dd8fb6c2.exe

Resource

win10v2004-20231215-en

metasploit backdoor trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

- Target
  
  02cb022f503bbef3b833f920dd8fb6c2
- Size
  
  329KB
- MD5
  
  02cb022f503bbef3b833f920dd8fb6c2
- SHA1
  
  170a1e8bd5505cdd9f4a4f47459af755ddf5de87
- SHA256
  
  3469692e0429097f567c960b9805a205c2b232fedb42fd47c2b0cc3a4f0eb00f
- SHA512
  
  88819fa7ce289de87255d50706fdcbb45d29c296f8590b2ebd244990c7f768de730f8d3af4c1db5d8eca16f8fc0e05a37c62086625f13a3109828eba5faca0f5
- SSDEEP
  
  6144:YRxVstLI005DXHkS5ziFiSw23emcscfL1K/9jumJOh+ulgxHamaZUyRQMJGQgtgw:YRotLIDXEezipjo5K/NZkhpls6CyJG3d
Score

10^/10

metasploit backdoor trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoortrojan

behavioral2

metasploitbackdoortrojan

© 2018-2025

Terms | Privacy