metasploit

Sharing

Copy URL

Twitter E-mail

General

Target

cc552bed9629fe4d9f2d6d60120bc8e1
Size

12.3MB
Sample

240315-y2mxfsad3v
MD5

cc552bed9629fe4d9f2d6d60120bc8e1
SHA1

bd12a0c8718bef907b1226ea6eca62a50390b401
SHA256

c4cdaa6cfc97a3ba8c70fe676cbcf5fa2280a616aad83b51f587d57f1764e7e0
SHA512

eb3c782030d156976fd13998e2865f22b4ccbf6fb4b319cde2f9de62bb4710e0720f539422537cc6bf38a2dca9e3be323478ae5d074943747330a059f5ec6f06
SSDEEP

196608:tZM0TgSLy5FaaOik2eYqZA4nKfBzmsvC48+BWCamEjunhAu8YYDEYJbO:ty0TgAy5Be9A4+BjCT+Gn+hAuzqBO

Score

10^/10

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

10.10.14.49:443

Targets

- Target
  
  cc552bed9629fe4d9f2d6d60120bc8e1
- Size
  
  12.3MB
- MD5
  
  cc552bed9629fe4d9f2d6d60120bc8e1
- SHA1
  
  bd12a0c8718bef907b1226ea6eca62a50390b401
- SHA256
  
  c4cdaa6cfc97a3ba8c70fe676cbcf5fa2280a616aad83b51f587d57f1764e7e0
- SHA512
  
  eb3c782030d156976fd13998e2865f22b4ccbf6fb4b319cde2f9de62bb4710e0720f539422537cc6bf38a2dca9e3be323478ae5d074943747330a059f5ec6f06
- SSDEEP
  
  196608:tZM0TgSLy5FaaOik2eYqZA4nKfBzmsvC48+BWCamEjunhAu8YYDEYJbO:ty0TgAy5Be9A4+BjCT+Gn+hAuzqBO
Score

10^/10

metasploit backdoor trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  56a321bd011112ec5d8a32b2f6fd3231
- SHA1
  
  df20e3a35a1636de64df5290ae5e4e7572447f78
- SHA256
  
  bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1
- SHA512
  
  5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3
- SSDEEP
  
  192:uv+cJZE61KRWJQO6tFiUdK7ckK4k7l1XRBm0w+NiHi1GSJ:uf6rtFRduQ1W+fG8
Score

3^/10
behavioral3 behavioral4
- Target
  
  PaintDotNet.Base.dll
- Size
  
  2.0MB
- MD5
  
  058c85ddd615bc066afd28e96dc7df2d
- SHA1
  
  8c77a0d44dc4dcec978b03e9f17c2eb24728cabe
- SHA256
  
  13dee83925a48aebbb71285d44b168798eb016cb264a1fefef01aa0a4de734ab
- SHA512
  
  67f4b89f5b7def6af05d8483d812152c2297107ec41aced7fb80535729bb64f0a91beb98bacde2f1e8171ae5acad72b7f29584bbe7e71ccf3d58d7bc4ac781c3
- SSDEEP
  
  24576:aODoRcfnOqhlKcUv2uvXV5wFo2OBh/we055RSrIuagKRrNmNjbLCBTO8vMzle7FY:aGA732CpwzQRAaz5jkW
Score

1^/10
behavioral5 behavioral6
- Target
  
  PaintDotNet.Core.dll
- Size
  
  941KB
- MD5
  
  cd3f316acee9b1c1cf93ef25dbfdf2f8
- SHA1
  
  80c2167463f7978919bce803af173ae9dc13f335
- SHA256
  
  6fd76d8163789eb98c0a10bdb729f5e98a8cb2ef17e7d0727b981c48c829ae5c
- SHA512
  
  b716ab53505264f9a6c1b37e690fbdf67fbd9ffe41e9b005fd95b28f2de8dfc97288d15c085a3538d1aa352bd79faff9e04fcbfdd2fe57aaf96b68040884a10d
- SSDEEP
  
  12288:7HX9J69H3/wLM4ZyEBQCixA/SlEQGhpNsU8U/eeUxKnAjonxY8:z9J69H3/HMQVA/rQG/eKAjoa8
Score

1^/10
behavioral7 behavioral8
- Target
  
  PaintDotNet.Data.dll
- Size
  
  110KB
- MD5
  
  faa007f8868711b989ba62b72af7ca14
- SHA1
  
  f6a0f6a33eae828705c418785a3bfdc3c1179cb0
- SHA256
  
  ae2cad3e70ad12edf8ee1ea851a1dcb43ea716503f26401e22c78c4dd9c761f1
- SHA512
  
  42cf32dc5ea6647453d767e76dbd70f5123915f7ad519664bb5775b53aa92c5a1c0045deb62bee4d5e077a180c06bf53c4c37d73f49f964fd5b4aa00a2ab704b
- SSDEEP
  
  3072:W9TUujmqUuAC4k7CQz6VnxcTwQHzhf1hVsVKqKbJR:W5L73z6Vnx6wMtBtR
Score

1^/10
behavioral10 behavioral9
- Target
  
  PaintDotNet.Framework.dll
- Size
  
  461KB
- MD5
  
  f0ceb605d486716eb12ccc027d97c1e5
- SHA1
  
  ceaccf0d60dd238df33d7bd65973c0572c8cc914
- SHA256
  
  26a8a960e390367bc2440645e014201c7c455d06e836c0d173b61716bc232128
- SHA512
  
  8e72b93c5d6c5e88fe6597fd2d9c9846a727e9390258b72cfcca502e7567dd033954f4d4e33aa9d9add89e85eb13c5914e37384502d02ef8ca8f28c2f70795fe
- SSDEEP
  
  6144:MuGlHALKQhDxhSGdWeB6IkOIes6F8RFfhdsjLSmjKo1nghF1cSP8T93nyPnnnnnC:MZWSG0eB6IkOISFAFyR1k8T93nJrL
Score

1^/10
behavioral11 behavioral12
- Target
  
  PaintDotNet.Resources.dll
- Size
  
  995KB
- MD5
  
  db4bc78d81f82115a7fc24c7854f1af5
- SHA1
  
  68feaae29b72b6144a506a2de0526703a9767e2a
- SHA256
  
  32d1593efaa78f8d61035deb11b4e124af127747daf6e690557e0b44549a6ee1
- SHA512
  
  8e8df4507b904e32faa27115010bf33d7aff0bf5d1c13c0f128b8fb406e5ca65bf67a5963bc7ebaec56326501cd78c8f86c7e565798ca04f4fb3673bbdfabcd2
- SSDEEP
  
  24576:PtkAB6N6vkMKJFWVaLgJTsS5Uu9F7iddvl0CI0zY3lawY1:PtkAQ4vkMIFW2ygeUu32rzI00S
Score

1^/10
behavioral13 behavioral14
- Target
  
  PaintDotNet.SystemLayer.dll
- Size
  
  601KB
- MD5
  
  9d66dddd8552e5975397f215ac6081ed
- SHA1
  
  11dfe6f9756051b6cf658be7f37ba1ab585e7657
- SHA256
  
  cdd3adf86062e0d2e9645e5a657096e584fc79eedff054949796efd800cf1130
- SHA512
  
  0c4eada02e0bafe02f2f65d28662263488bee92a769ae8d8a45f5e786da4c30f62656b70138cc159416c14d9cc6cd382c45c4c512422dcbe8b33fb1c8748bc97
- SSDEEP
  
  6144:FcE0NwuSQRWtUlm9NB++3P1oVS2K5XymjJzHXumxjnTs/OOmrOWDPSWW9cJbDLRO:ONrm9N809oVqhJz+UTsmOmrdDjqXtOMH
Score

1^/10
behavioral15 behavioral16
- Target
  
  PaintDotNet.exe
- Size
  
  2.0MB
- MD5
  
  da11080e76aa6f6ddaf949dacdf91695
- SHA1
  
  17739eade33984b9f7728c9e8014f4cb7d09f98f
- SHA256
  
  e1db30ca7b39d386225b19be53bbf045247c0565072024c9fae2457f256c8a85
- SHA512
  
  7a13913fd3e28fe1642a439e9a4d9cb5516bce6fd0068aeecb29af1000b98a70fd02e4cc103aed3f3831c75fbb2d73b9027fbc80daf56c469c76e90861afb41a
- SSDEEP
  
  24576:J/HykHxgVwLB5ziKE+t6LR15OXdvJd2C5O49e5wY8hh:dwcBxiKET4bd2C5f
Score

1^/10
behavioral17 behavioral18
- Target
  
  PaintDotNet_x64.msi
- Size
  
  56.2MB
- MD5
  
  b8ddb9faed245ef388db48364cab8fe7
- SHA1
  
  515a8742c7d9163e717d4588a2654896923012fb
- SHA256
  
  aa0b8df129122d767a7f711a0bd7a5fc838d2acad09f6890dcd209cf875973be
- SHA512
  
  8324fcc465be44f47fa4bffece7195b31af45c19df30c57c4e0387841ef351ceb3dba06e6aa0ba66872cbd5bc06431512f7ffdad5b366e47b5261b95df96a621
- SSDEEP
  
  393216:d7wMnozGuRlM7PZiKXOqCdALhOhuo6km1YvjcMpE9BiS+mFESSbQSnHtDTLu5ZWE:d79MnIiKH8nu63pbH4OO
Score

6^/10
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral19 behavioral20
- Target
  
  PaintDotNet_x86.msi
- Size
  
  56.2MB
- MD5
  
  ec6bf9b6cfb60286994910fb8363ee5c
- SHA1
  
  bc65389e57575b2f831280c9bf8880ae98a0709c
- SHA256
  
  9a9f3f78a7288f24093c9ecdd9499b03fb660c66383d46bcba4e74b2b7cac714
- SHA512
  
  136dba7818d0c3e40ab13ecc3625d72a9850fd19c83b9e20c1075e40e375e2b79b7b172ad2d3d3fc7f9355af4da1625a7bb1cc37b80bb6e81730084823e525cb
- SSDEEP
  
  393216:l7MMnozGuRlM7PZiKXOqCdALhOhuo6km1YvjcMpE9BiS+mFESSbQSnHtDTLu5ZWE:l75MnIiKH8nu63pbH4OO
Score

6^/10
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral21 behavioral22
- Target
  
  SetupFrontEnd.exe
- Size
  
  89KB
- MD5
  
  86547d7bff541e04d5a31db85efe627c
- SHA1
  
  7e61f64a38ccaa9c17e7c2559bc106c042081cba
- SHA256
  
  3de2570125fba893091f0a5bc557524fe53cf8d35a0f36a66562a29f6d68be98
- SHA512
  
  8bfa86e0fee1b2e56c39ca5d73f48178daa6742d755b0084253f25062f5877aff80aa2e3150897cc6fc7c1ac1cd8705c8d1a7647094b8c650565791cfba9fb5c
- SSDEEP
  
  1536:HvQBk8mSlzR8thiQCeEYwx22eMOZ5caNpHn60ajITWEnSBcoooCH/Xjtx1KhQLhu:PQgjtMQ3ww/Xjtx1KmQgWH9JPQLz6cw3
Score

1^/10
behavioral23 behavioral24
- Target
  
  SetupShim.exe
- Size
  
  134KB
- MD5
  
  6d683c23bab272e6aa3b41167d3cafd3
- SHA1
  
  1738b9242401846d40be6814d08d6d969aa15394
- SHA256
  
  7abea50aecce1c28c6312c6554dce3d72165b902241fa3a2b6d3fc09117b57ef
- SHA512
  
  01818bde9490336914d2190cb9c98ce630fb3eb38634c5d231ba027e6e8b4f0d8fc1554c1094bcf669bdd01e02a98d558c7f73f3ea38b391fab0d3d608d9269b
- SSDEEP
  
  3072:CIxhlOHEbzW5vMlS6NUX1qo4BE/9ugl+IHhrE90JGsfTyIBvzoTEVhY9HqqXf5I:sHEbzWajik9BEJBr5fTPjwKKxI
Score

1^/10
behavioral25 behavioral26
- Target
  
  System.Buffers.dll
- Size
  
  20KB
- MD5
  
  ecdfe8ede869d2ccc6bf99981ea96400
- SHA1
  
  2f410a0396bc148ed533ad49b6415fb58dd4d641
- SHA256
  
  accccfbe45d9f08ffeed9916e37b33e98c65be012cfff6e7fa7b67210ce1fefb
- SHA512
  
  5fc7fee5c25cb2eee19737068968e00a00961c257271b420f594e5a0da0559502d04ee6ba2d8d2aad77f3769622f6743a5ee8dae23f8f993f33fb09ed8db2741
- SSDEEP
  
  384:/rMdp9yXOfPfAxR5zwWvYW8a2cyHRN7vCvlbLg:/rMcXP6N6e
Score

1^/10
behavioral27 behavioral28
- Target
  
  System.Collections.Immutable.dll
- Size
  
  175KB
- MD5
  
  8f55c22412f7d448d6e7b83102665368
- SHA1
  
  88df86ee0b137992af15a35825804274fa252e30
- SHA256
  
  67730917b4e856e37a9d78245527584087fac6b20a7377677b2f444cd15db918
- SHA512
  
  058431aa2280511b00a72ea55ded9bdaef55420f5bce10c9352d4f92736a11884d1e70706016b988cca560358b3b43ce1bad5c9bd726f11d8ad66e3c91f98ccb
- SSDEEP
  
  3072:gUbJLl+WMe7FJ02NPhVN0T2rcoNXvUJ4C0jucx2ejoVjM4xT56pL:gUVMWNvrxUJ4CDcY5G
Score

1^/10
behavioral29 behavioral30
- Target
  
  System.Memory.dll
- Size
  
  137KB
- MD5
  
  6fb95a357a3f7e88ade5c1629e2801f8
- SHA1
  
  19bf79600b716523b5317b9a7b68760ae5d55741
- SHA256
  
  8e76318e8b06692abf7dab1169d27d15557f7f0a34d36af6463eff0fe21213c7
- SHA512
  
  293d8c709bc68d2c980a0df423741ce06d05ff757077e63986d34cb6459f9623a024d12ef35a280f50d3d516d98abe193213b9ca71bfde2a9fe8753b1a6de2f0
- SSDEEP
  
  3072:IUGrszKKLBFa9DvrJGeesIf3afNs2AldfI:jBFd3/aFs2
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Blocklisted process makes network request

Enumerates connected drives

Blocklisted process makes network request

Enumerates connected drives

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32