metasploit | 8a14915fac57616e42690463a7553d3de1f7c0aede6d446632661e6a47818f00 | Triage

Submit
Reports

Overview

overview

Static

static

crmupgrade.exe

windows7-x64

crmupgrade.exe

windows10-2004-x64

Sharing

General

Target

crmupgrade.exe
Size

72KB
Sample

240418-lpjytaaf8s
MD5

134b5f62ed49e2303cbd41a4d7320361
SHA1

1a1d6590ff7693b74d9087c32eb43f828307aa5a
SHA256

8a14915fac57616e42690463a7553d3de1f7c0aede6d446632661e6a47818f00
SHA512

642189f5dbdf5ea3fcbdd47f1a2f7123b216f26b0b555094ae809012626d57fb11a2dd932c82c2aff8192b5177626bc0aacc84449577de1c3f18f6b65f6330ab
SSDEEP

1536:IqicVCAPk6ERM6/Az2aWc8AMMb+KR0Nc8QsJq39:kcVCmMctMe0Nc8QsC9

Score

10^/10

metasploit backdoor trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

crmupgrade.exe

Resource

win7-20240221-en

metasploit backdoor trojan

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

crmupgrade.exe

Resource

win10v2004-20240412-en

metasploit backdoor trojan

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

3.84.34.113:53

Targets

- Target
  
  crmupgrade.exe
- Size
  
  72KB
- MD5
  
  134b5f62ed49e2303cbd41a4d7320361
- SHA1
  
  1a1d6590ff7693b74d9087c32eb43f828307aa5a
- SHA256
  
  8a14915fac57616e42690463a7553d3de1f7c0aede6d446632661e6a47818f00
- SHA512
  
  642189f5dbdf5ea3fcbdd47f1a2f7123b216f26b0b555094ae809012626d57fb11a2dd932c82c2aff8192b5177626bc0aacc84449577de1c3f18f6b65f6330ab
- SSDEEP
  
  1536:IqicVCAPk6ERM6/Az2aWc8AMMb+KR0Nc8QsJq39:kcVCmMctMe0Nc8QsC9
Score

10^/10

metasploit backdoor trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

metasploitbackdoortrojan

behavioral2

metasploitbackdoortrojan

© 2018-2024

Terms | Privacy