Overview

overview

10

Static

static

10

actualizar...al.exe

windows7-x64

10

actualizar...al.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    actualizarsucvirtual.exe

  • Size

    72KB

  • Sample

    240418-lpfw6aaf7t

  • MD5

    e4f9ef3eaf502f20055a97d77791df01

  • SHA1

    39e8b29fe500ec0df4eb4abc0ecec9dcbc95917a

  • SHA256

    6e8d31b7fe9aa035daf5e3cac660c383a9201e763f65581cabc2655426ca4e54

  • SHA512

    49b500796ae9ac2bac2496f5452000a74895eb707272ab83049b7f5bd40597f7b37722b4b57961f4429b48c056dc045bf623f14a6b641bdf828b92bc183e4ae5

  • SSDEEP

    1536:IOl/bG84MmP59t9dzHLDrKMb+KR0Nc8QsJq39:x8jHffKe0Nc8QsC9

Score
10/10
metasploitbackdoortrojan

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

54.173.0.241:53

Targets

    • Target

      actualizarsucvirtual.exe

    • Size

      72KB

    • MD5

      e4f9ef3eaf502f20055a97d77791df01

    • SHA1

      39e8b29fe500ec0df4eb4abc0ecec9dcbc95917a

    • SHA256

      6e8d31b7fe9aa035daf5e3cac660c383a9201e763f65581cabc2655426ca4e54

    • SHA512

      49b500796ae9ac2bac2496f5452000a74895eb707272ab83049b7f5bd40597f7b37722b4b57961f4429b48c056dc045bf623f14a6b641bdf828b92bc183e4ae5

    • SSDEEP

      1536:IOl/bG84MmP59t9dzHLDrKMb+KR0Nc8QsJq39:x8jHffKe0Nc8QsC9

    Score
    10/10
    metasploitbackdoortrojan

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

      trojanbackdoormetasploit

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks