General

  • Target

    07ec066e55624b529b44cb22a81d7909ef12b18b45414cee22a9bc467a94ef1b

  • Size

    40KB

  • Sample

    240419-wy6t2sbg97

  • MD5

    f2a590ede2edbe08bb4f99eca0424b2b

  • SHA1

    d4fe4e37dab1fe0b562920fc350b2f5133a37847

  • SHA256

    07ec066e55624b529b44cb22a81d7909ef12b18b45414cee22a9bc467a94ef1b

  • SHA512

    0f379cf2d73afa13e47a917e9752736b9c11c3cf5a17e33af63a1b2c87c92659134e2717a1e67503961e52d0a7176ab64000e5d508f55b9b7835711a434cc168

  • SSDEEP

    768:4IVkJD7tmkB2N3XUYkowqPiInNnZyvLGl94TdU376p7e+hIMRauCMkOIQJ:4IVa7Ik0N3X2ovP3nNnayl9mU376dPF9

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://90aaaeb62492.ngrok.io:80/Th2n

Attributes
  • headers User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)

Targets

    • Target

      de64f766c5148db03d216ee7b88ba1ab51b74e4b34aa6ef7315882d0881c71eb

    • Size

      71KB

    • MD5

      05d0dbfe2b283d68835bad401b2d1f29

    • SHA1

      f05d782d30707b43e924a3839aeaa93aea64e77a

    • SHA256

      de64f766c5148db03d216ee7b88ba1ab51b74e4b34aa6ef7315882d0881c71eb

    • SHA512

      a22d84d88cf938fe421e43e02be54449d99926de00664cd20d4d2aa6f5206789c69177db891169f2597a1648e28bddbdbd2c345df51c2f075698a0213773809e

    • SSDEEP

      1536:otNzVQFop4QflDN7rdWkfrZZgsWccdl/AToP08Y:yDRptlDN7Jfrjcl/ATc08Y

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Blocklisted process makes network request

    • Legitimate hosting services abused for malware hosting/C2
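The extracted config above gives two network indicators a detection engineer can act on: the exact C2 URL on an ngrok tunnel host, and the legacy User-Agent string the download_exec stager sends. The following is an added example, not part of the sandbox report and not Metasploit code: it runs those indicators over a few constructed proxy-log lines. The log line format, the sample lines, the extra tunnelling-service domain suffixes beyond ngrok.io and the function names are assumptions made for the illustration; only the C2 URL and User-Agent come from the report.

```python
"""
Match the Metasploit windows/download_exec indicators from the report
against proxy logs. Added example; log format and sample lines are constructed.
"""
import re
from urllib.parse import urlsplit

# Indicators lifted verbatim from the extracted config in the report.
C2_URL = "http://90aaaeb62492.ngrok.io:80/Th2n"
C2_USER_AGENT = "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"

# The report flags ngrok.io as an abused hosting service; the other two
# suffixes are assumed additions for illustration, not from the report.
TUNNEL_SUFFIXES = (".ngrok.io", ".ngrok-free.app", ".ngrok.app")

# Constructed log format: <ts> <src_ip> <method> <url> <status> "<user-agent>"
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) '
    r'(?P<status>\d{3}) "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Parse one constructed proxy-log line; return None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["url"])
    rec["host"] = (parts.hostname or "").lower()  # port is dropped here
    rec["path"] = parts.path
    return rec


def classify(rec):
    """Return the list of reasons a record is suspicious (empty means clean)."""
    reasons = []
    c2 = urlsplit(C2_URL)
    if rec["host"] == c2.hostname and rec["path"] == c2.path:
        reasons.append("exact C2 URL from extracted config")
    elif rec["host"].endswith(TUNNEL_SUFFIXES):
        reasons.append("request to tunnelling service host")
    if rec["ua"] == C2_USER_AGENT:
        reasons.append("User-Agent matches extracted config")
    return reasons


def scan(lines):
    """Return (src_ip, url, reasons) for every parseable line that hits."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # malformed lines are skipped, not treated as hits
        reasons = classify(rec)
        if reasons:
            hits.append((rec["src"], rec["url"], reasons))
    return hits


# Constructed sample log: one true beacon, one benign request, one request to
# a different tunnel host, one UA-only match, and one malformed line.
SAMPLE_LOG = [
    '2024-04-19T10:01:02Z 10.0.0.15 GET http://90aaaeb62492.ngrok.io:80/Th2n 200 '
    '"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"',
    '2024-04-19T10:01:05Z 10.0.0.22 GET https://www.example.com/index.html 200 '
    '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"',
    '2024-04-19T10:02:11Z 10.0.0.15 GET https://abcd1234.ngrok-free.app/update 404 '
    '"Mozilla/5.0 (Windows NT 10.0; Win64; x64)"',
    '2024-04-19T10:03:40Z 10.0.0.31 GET http://203.0.113.9/stage 200 '
    '"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"',
    'this line is not a proxy log entry',
]


def run_demo():
    return scan(SAMPLE_LOG)


if __name__ == "__main__":
    for src, url, reasons in run_demo():
        print(f"{src} -> {url}: {'; '.join(reasons)}")
```

The exact-URL match is the high-confidence rule; the tunnel-host and User-Agent rules are weaker on their own (ngrok has legitimate developer use, and the User-Agent can be changed by the operator), so in practice they are better scored together than alerted on individually.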

MITRE ATT&CK Matrix (ATT&CK v13)

Defense Evasion

  • Subvert Trust Controls (T1553): 1
  • Install Root Certificate (T1553.004): 1
  • Modify Registry (T1112): 1

Command and Control

  • Web Service (T1102): 1
