metasploit | 0ef8330a6cf88ae8f244cb9838b4b91c24c3eb7bd281647d8b5c6653d82d8b47

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29-03-2024 11:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

登录器.exe
Size

1.8MB
MD5

2301e95e1b899d97b7ae33053d478785
SHA1

cb12c16c8152264fb051dd76d67e098c099b8ce9
SHA256

0ef8330a6cf88ae8f244cb9838b4b91c24c3eb7bd281647d8b5c6653d82d8b47
SHA512

81f9f420e6b51a101a27fd36ff511a7321571b987958c37b4145db04d9fefc34fa38ac0c35e8c62ce6229808ecadd650c4716cdb35bc5397934bf6538b22170f
SSDEEP

24576:/3vLRdVhZBK8NogWYO09fOGi9J3YiWdCMJ5QxmjwC/hR:/3d5ZQ1dxJIiW0MbQxA

Score

10^/10

metasploit backdoor trojan

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

1.15.12.73:4567

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

登录器.exe

description pid process

Token: SeDebugPrivilege 4076 登录器.exe
Token: SeDebugPrivilege 4076 登录器.exe

description	pid	process
Token: SeDebugPrivilege	4076	登录器.exe
Token: SeDebugPrivilege	4076	登录器.exe

C:\Users\Admin\AppData\Local\Temp\登录器.exe
"C:\Users\Admin\AppData\Local\Temp\登录器.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4076

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4076-0-0x0000000000750000-0x0000000000751000-memory.dmp

Filesize
4KB

Download
memory/4076-1-0x0000000000750000-0x0000000000751000-memory.dmp

Filesize
4KB

Download
memory/4076-2-0x0000000000950000-0x0000000000951000-memory.dmp

Filesize
4KB

Download
memory/4076-4-0x0000000000400000-0x00000000005E5000-memory.dmp

Filesize
1.9MB

Download