General

  • Target

    hello.bat

  • Size

    7KB

  • Sample

    240430-3sr72aag8z

  • MD5

    2f13ee536d6ec5d8fbce76cf1bc40e92

  • SHA1

    6fceee95abbc687a849cd24bd6614b5a67090acd

  • SHA256

    924f3a216a642893777d5836fbe5042ad349a21376282e685900a4756ef7694b

  • SHA512

    568e028eba41ae6c5b439897dfb5afbb14476b5b6fc88fb797446037bb83a81c547a788500a6b884d912af6b7dbd073cd480e560c9d07f46b0991c903d786e89

  • SSDEEP

    192:XL5qvXhjyhwvWAUS+QDTE7uTbh3MiSyn0sX:XLcXhjyhGP+QDwaPh8iSpo

Malware Config

  Extracted

    • Family

      metasploit

    • Version

      encoder/shikata_ga_nai

  Extracted

    • Family

      metasploit

    • Version

      windows/reverse_tcp

    • C2

      192.168.88.128:1212

Targets

    • Target

      hello.bat

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks