metasploit | 0a11849292307d1833c857ca39eb21deb2af5aa1d1a0228e8bd6797b46c6cb47 | Triage

Submit
Reports

Overview

overview

Static

static

2024-04-23...er.exe

windows7-x64

2024-04-23...er.exe

windows10-2004-x64

Sharing

General

Target

2024-04-23_e1f12fc65552ebcd26542e8bf3f985b8_cobalt-strike_magniber
Size

2.0MB
Sample

240423-wmma9sae56
MD5

e1f12fc65552ebcd26542e8bf3f985b8
SHA1

eee4e3f34247e50a8dacce6e15ca605983abdfc0
SHA256

0a11849292307d1833c857ca39eb21deb2af5aa1d1a0228e8bd6797b46c6cb47
SHA512

a84cc25c036fc7cb24696862cf3e5259c58b2e211fc8f1b580c808be4cd2c58938cc737b43b49cf588928b319447fe44c1ab39b4f4973c499f830f49bdab321f
SSDEEP

49152:t/7sIyhWajeDefr8VlaQnBllYb20+1k+1cAzS+vc:t/KWacVYQBllYW

Score

10^/10

metasploit backdoor discovery trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

2024-04-23_e1f12fc65552ebcd26542e8bf3f985b8_cobalt-strike_magniber.exe

Resource

win7-20240221-en

metasploit backdoor discovery trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-04-23_e1f12fc65552ebcd26542e8bf3f985b8_cobalt-strike_magniber.exe

Resource

win10v2004-20240412-en

metasploit backdoor discovery trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

192.168.222.129:1734

Targets

- Target
  
  2024-04-23_e1f12fc65552ebcd26542e8bf3f985b8_cobalt-strike_magniber
- Size
  
  2.0MB
- MD5
  
  e1f12fc65552ebcd26542e8bf3f985b8
- SHA1
  
  eee4e3f34247e50a8dacce6e15ca605983abdfc0
- SHA256
  
  0a11849292307d1833c857ca39eb21deb2af5aa1d1a0228e8bd6797b46c6cb47
- SHA512
  
  a84cc25c036fc7cb24696862cf3e5259c58b2e211fc8f1b580c808be4cd2c58938cc737b43b49cf588928b319447fe44c1ab39b4f4973c499f830f49bdab321f
- SSDEEP
  
  49152:t/7sIyhWajeDefr8VlaQnBllYb20+1k+1cAzS+vc:t/KWacVYQBllYW
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

metasploitbackdoordiscoverytrojan

behavioral2

metasploitbackdoordiscoverytrojan

© 2018-2024

Terms | Privacy