General

  • Target

    ab750bb5ba80757be9e202ed6ade780e

  • Size

    133KB

  • Sample

    240228-kfwqksfd3t

  • MD5

    ab750bb5ba80757be9e202ed6ade780e

  • SHA1

    db4ae2a65c3c1ef404f37dbbbcf7f282e05b801a

  • SHA256

    6ceb69224cf96b7197a77cf08afdc821718561bc41d03ac2ba034e8be3cbf3e0

  • SHA512

    6ecfe65a4843c40a12171495f4c54ebd0b0955a487afacc8c8c34828754a208914481e248ac542ebb681b63f85274122576a896d0c408232856acf9b6fd61eb4

  • SSDEEP

    3072:PAXapDvAceCUwV3ZCxTfbv4OyWrb+2pZgy1JtFgPgPg:4KucetiZK3vXn5Tffm

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

(The value the sandbox reports in the Version field is not a framework version but the name of the Metasploit encoder used to wrap the payload, x86/call4_dword_xor: a GetPC stub built on "call $+4" followed by a static 4-byte XOR applied to each dword of the payload.)
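To make the extracted encoder name concrete, here is an added Python example (not Metasploit's code and not part of the sandbox report) that reconstructs the call4_dword_xor scheme and recovers the key from a blob the way an analyst would when the sandbox has only told you the encoder name. The stub byte layout is my reading of the encoder (call $+4 / inc eax / pop esi / xor dword [esi+0xe], key / sub esi,-4 / loop); the ecx counter setup is simplified to a single "sub ecx, imm8", which the real encoder varies to avoid bad characters, so only the fixed prefix and tail are matched. The sample payload bytes are constructed.

```python
"""Reconstruction of the x86/call4_dword_xor decoding scheme (added example).

The encoded body is the payload XORed dword-by-dword with one static 4-byte key,
and the key sits inline in the decoder stub's xor instruction, so it can be pulled
straight out of the blob.  Stub layout below is an assumption based on my reading
of the Metasploit encoder; ecx setup is simplified.
"""
import struct

# Fixed part of the stub that precedes the key (assumption):
#   e8 ff ff ff ff   call $+4        (pushes the address of the 'c0' byte)
#   ff c0            inc eax         (the trailing ff of the call re-decodes here)
#   5e               pop esi         (esi -> 'c0'; body begins at esi+0xe)
#   81 76 0e KKKKKKKK xor dword [esi+0xe], key
STUB_PREFIX = b"\xe8\xff\xff\xff\xff\xff\xc0\x5e\x81\x76\x0e"
# Tail after the key: 83 ee fc  sub esi,-4 ; e2 f4  loop back to the xor.
STUB_TAIL = b"\x83\xee\xfc\xe2\xf4"


def xor_dwords(buf: bytes, key: bytes) -> bytes:
    """XOR buf with a static 4-byte key, one little-endian dword at a time."""
    if len(buf) % 4 or len(key) != 4:
        raise ValueError("buffer must be a multiple of 4 bytes and key exactly 4")
    k = struct.unpack("<I", key)[0]
    out = bytearray()
    for off in range(0, len(buf), 4):
        (d,) = struct.unpack_from("<I", buf, off)
        out += struct.pack("<I", d ^ k)
    return bytes(out)


def encode_call4(payload: bytes, key: bytes) -> bytes:
    """Build stub + encoded body.  Counter setup is 'xor ecx,ecx ; sub ecx,-n',
    which limits this simplified encoder to 128 dwords (assumption, not msf's logic)."""
    padded = payload + b"\x00" * (-len(payload) % 4)
    n = len(padded) // 4
    if n > 128:
        raise ValueError("simplified imm8 counter only covers up to 128 dwords")
    ecx_setup = b"\x31\xc9\x83\xe9" + struct.pack("b", -n)
    return ecx_setup + STUB_PREFIX + key + STUB_TAIL + xor_dwords(padded, key)


def decode_call4(blob: bytes) -> tuple:
    """Locate the stub anywhere in blob, read the key out of the xor instruction,
    and return (key, decoded_body).  A trailing partial dword is ignored."""
    i = blob.find(STUB_PREFIX)
    if i < 0:
        raise ValueError("call4_dword_xor stub not found")
    key_off = i + len(STUB_PREFIX)
    key = blob[key_off:key_off + 4]
    body_off = key_off + 4 + len(STUB_TAIL)
    if blob[key_off + 4:body_off] != STUB_TAIL:
        raise ValueError("unexpected bytes after key; not the stub layout assumed here")
    body = blob[body_off:]
    body = body[:len(body) - len(body) % 4]
    return key, xor_dwords(body, key)


# Constructed sample: a typical 'cld ; call' style shellcode prologue, not the
# bytes of the reported sample.
SAMPLE_PAYLOAD = b"\xfc\xe8\x82\x00\x00\x00\x60\x89\xe5\x31\xc0"
SAMPLE_KEY = b"\x13\x37\xbe\xef"


def roundtrip(payload: bytes = SAMPLE_PAYLOAD, key: bytes = SAMPLE_KEY) -> bool:
    """Encode, then decode from inside some junk bytes, and compare."""
    blob = b"\x90" * 7 + encode_call4(payload, key)
    found_key, decoded = decode_call4(blob)
    return found_key == key and decoded[:len(payload)] == payload


if __name__ == "__main__":
    k, body = decode_call4(encode_call4(SAMPLE_PAYLOAD, SAMPLE_KEY))
    print("key", k.hex(), "body", body.hex())
```

Because the key is static and embedded, this encoder offers no protection against an analyst with the bytes; its purpose is avoiding bad characters and trivial signatures, which is why a sandbox can still name it.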

Targets

    • Target

      Picture42.JPG_www.facebook.com

    • Size

      151KB

    • MD5

      3bb29b4fa89ba0623b2668c44fc545dd

    • SHA1

      ce273211fa397c88e6af808b0ab20d77f33861c7

    • SHA256

      af34aa041818cb31b37c636e019ca464044e2fefacfb6da0abefba856abbbc6d

    • SHA512

      5c418b4dc0d19f6df33bfef4ff8a9eeafd83e44eff12dd6304f848a36c9dbe5c689c65b94cc04433828b6dc6d10ea838888018be2274e26496470ac64537d6d0

    • SSDEEP

      3072:1YXlOvh+trjeCUwV3ZC3Tfbv4OyWrHXBUtLBf:1kjetiZK3vXLX6LBf

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Checks computer location settings

Looks up the country code configured in the registry, likely for geofencing (deciding whether to run based on the victim's configured locale).

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

• Suspicious use of SetThreadContext

      Commonly associated with process hollowing or thread hijacking, where a suspended thread's context is rewritten to point at injected code.
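Two of the signatures above, the country-code lookup and the registry-based drive mapping, are both just registry reads and are easy to hunt for in your own telemetry. The following added Python example (not the sandbox's signature logic) tags Procmon-style CSV events per process and flags processes that show both behaviours, since a lone LocaleName read is routine for legitimate software. The registry paths are my assumptions about what such checks typically touch, and the log lines are constructed.

```python
"""Added triage helper: tag registry reads that look like a geofence check or a
drive enumeration and flag processes doing both.  Example code; key paths are
assumptions and the log lines are constructed in Procmon-like CSV form."""
import csv
import io
from collections import defaultdict
from typing import Optional

# Keys a geofence check typically reads (assumption).
GEO_PATHS = (
    r"HKCU\Control Panel\International\Geo\Nation",   # numeric GeoID of the configured country
    r"HKCU\Control Panel\International\LocaleName",   # e.g. en-US
)
# Keys that list attached disks/volumes, used for sandbox fingerprinting (assumption).
DRIVE_PATHS = (
    r"HKLM\SYSTEM\MountedDevices",
    r"HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum",
)
HIVE_ALIASES = {"HKEY_CURRENT_USER": "HKCU", "HKEY_LOCAL_MACHINE": "HKLM"}


def normalize(path: str) -> str:
    """Collapse long hive names to the short form so both spellings match."""
    hive, _, rest = path.partition("\\")
    return HIVE_ALIASES.get(hive.upper(), hive.upper()) + "\\" + rest


def classify(path: str) -> Optional[str]:
    """Return a tag for a registry path, or None if it is not interesting."""
    p = normalize(path).lower()
    if any(p.startswith(g.lower()) for g in GEO_PATHS):
        return "geofence_lookup"
    if any(p.startswith(d.lower()) for d in DRIVE_PATHS):
        return "drive_enum"
    return None


def triage(csv_text: str) -> dict:
    """Map each process name to the set of tags its registry operations triggered."""
    tags = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if not row["Operation"].startswith("Reg"):
            continue  # only registry operations matter for these two signatures
        tag = classify(row["Path"])
        if tag:
            tags[row["Process Name"]].add(tag)
    return dict(tags)


def flagged(csv_text: str) -> list:
    """Processes showing both a geofence lookup and a drive enumeration."""
    both = {"geofence_lookup", "drive_enum"}
    return sorted(p for p, t in triage(csv_text).items() if both <= t)


# Constructed log; process names and paths are illustrative, not captured data.
SAMPLE_LOG = r"""Time of Day,Process Name,PID,Operation,Path,Result
12:00:01.001,Picture42.JPG_www.facebook.com,4120,RegQueryValue,HKCU\Control Panel\International\Geo\Nation,SUCCESS
12:00:01.002,Picture42.JPG_www.facebook.com,4120,RegQueryValue,HKCU\Control Panel\International\LocaleName,SUCCESS
12:00:01.010,Picture42.JPG_www.facebook.com,4120,RegEnumValue,HKLM\SYSTEM\MountedDevices,SUCCESS
12:00:01.015,Picture42.JPG_www.facebook.com,4120,CreateFile,C:\Windows\System32\drivers\etc\hosts,SUCCESS
12:00:01.020,explorer.exe,1234,RegQueryValue,HKCU\Control Panel\International\LocaleName,SUCCESS
12:00:01.030,svchost.exe,900,RegOpenKey,HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices,SUCCESS
"""

if __name__ == "__main__":
    for proc, tags in triage(SAMPLE_LOG).items():
        print(proc, sorted(tags))
    print("flagged:", flagged(SAMPLE_LOG))
```

The two-signal rule is deliberately conservative: Explorer and the shell read locale keys constantly and service processes touch MountedDevices on every volume arrival, so either read alone is noise; the combination in one short-lived, freshly dropped process is what makes the report's pairing worth an alert.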

MITRE ATT&CK Enterprise v15

Tasks