General

  • Target

    81934bedfe1b51393c80a5121c0853c3344ee7a8b5d189035ea29b5512607dd2

  • Size

    10KB

  • Sample

    240419-txtf8ahh7x

  • MD5

    fae496bb8811cb7c99b04e52e6ace7aa

  • SHA1

    b5254dbed92bc309aea33270e11a880da8e39bef

  • SHA256

    81934bedfe1b51393c80a5121c0853c3344ee7a8b5d189035ea29b5512607dd2

  • SHA512

    d24b598fb22f150f6027bbaf5affdd00d104281b0727bea1bd349f58e3f904b697ad8361b1a7754f3579ce0a44b777855dd56a3d44550d4e097dc289b867465f

  • SSDEEP

    192:up/ip+8s9GNec8T3VMQWwD7j46By8bONPZ6FPCICyraKuN9gJAgU:2/ip+J9GQzBbj9yMOFwFCyrdOgJAgU

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://213.109.202.206:80/1/Events/com.amazon.csm.csa.prod

Attributes
  • headers

    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Connection: close
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Targets

    • Target

      9f8c457038dec8b3ce15996b078008bd5ec3d817b969da6bce8c6902a513d225.exe

    • Size

      23KB

    • MD5

      32446c112f551cc8d6a42af14707dbe8

    • SHA1

      e80e10cd93e31eb7aa5b813fbc7a579e2b7e1835

    • SHA256

      9f8c457038dec8b3ce15996b078008bd5ec3d817b969da6bce8c6902a513d225

    • SHA512

      d56ca89af2f101d02bf4f2b035f42c1b57582dde5f0ff796557b825164b771ed63b6fbe0b0e7dc17b77b0dcbacc3d913bf3e8765ea78861e11f1c23719075848

    • SSDEEP

      384:PqPwA6+LHVIlIMeD68IsR56qMt6Q7hwGITlgeaNg7DWIeW:PMwA6wHjMeD6A5K6QuGklNac

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

MITRE ATT&CK Matrix

Tasks