metasploit | f02bb51dfbe714d0475327c95a8e406e8ee80892a5717b0ea41345df39bd74b5 | Triage

Submit
Reports

Overview

overview

Static

static

7

f02bb51dfb...b5.exe

windows7-x64

f02bb51dfb...b5.exe

windows10-2004-x64

Sharing

General

Target

f02bb51dfbe714d0475327c95a8e406e8ee80892a5717b0ea41345df39bd74b5
Size

1.7MB
Sample

240417-mqnh3adh3y
MD5

1445b48111cedf2ac017788eaeaee624
SHA1

fa607c0fdf147e4dbfadc37ffef0a0cc08b4bf7b
SHA256

f02bb51dfbe714d0475327c95a8e406e8ee80892a5717b0ea41345df39bd74b5
SHA512

28494d3d78dadfe9e45bd959f52efca679b4a2cb7783c0a1d27ad70f7740d12aecb24c6e8870995e5bc666161f30fa1868c87a62b9d18d79ddcca36b5b5b9400
SSDEEP

24576:GVP4iQzePuruuXj/cz86edKl7DLwkCTpLH9ZVm+nzEG6GvmhhbnCydBA+bAW1ej:GWBj/czxedKFCTpRZdzEjAm9bK

Score

10^/10

metasploit backdoor persistence trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

f02bb51dfbe714d0475327c95a8e406e8ee80892a5717b0ea41345df39bd74b5.exe

Resource

win7-20240221-en

metasploit backdoor persistence trojan upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

f02bb51dfbe714d0475327c95a8e406e8ee80892a5717b0ea41345df39bd74b5.exe

Resource

win10v2004-20240412-en

metasploit backdoor persistence trojan upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  f02bb51dfbe714d0475327c95a8e406e8ee80892a5717b0ea41345df39bd74b5
- Size
  
  1.7MB
- MD5
  
  1445b48111cedf2ac017788eaeaee624
- SHA1
  
  fa607c0fdf147e4dbfadc37ffef0a0cc08b4bf7b
- SHA256
  
  f02bb51dfbe714d0475327c95a8e406e8ee80892a5717b0ea41345df39bd74b5
- SHA512
  
  28494d3d78dadfe9e45bd959f52efca679b4a2cb7783c0a1d27ad70f7740d12aecb24c6e8870995e5bc666161f30fa1868c87a62b9d18d79ddcca36b5b5b9400
- SSDEEP
  
  24576:GVP4iQzePuruuXj/cz86edKl7DLwkCTpLH9ZVm+nzEG6GvmhhbnCydBA+bAW1ej:GWBj/czxedKFCTpRZdzEjAm9bK
Score

10^/10

metasploit backdoor persistence trojan upx
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoorpersistencetrojanupx

behavioral2

metasploitbackdoorpersistencetrojanupx

© 2018-2024

Terms | Privacy