Malware Analysis Report

2024-09-23 04:05

Sample ID 240502-g2xm8abc2x
Target ad1cbe205954a376de542fe8cdd6e971037386eb8afe86fee310555c6cf5a1ed
SHA256 ad1cbe205954a376de542fe8cdd6e971037386eb8afe86fee310555c6cf5a1ed
Tags
metasploit backdoor trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

ad1cbe205954a376de542fe8cdd6e971037386eb8afe86fee310555c6cf5a1ed

Threat Level: Known bad

The file ad1cbe205954a376de542fe8cdd6e971037386eb8afe86fee310555c6cf5a1ed was found to be: Known bad.

Malicious Activity Summary

metasploit backdoor trojan

MetaSploit

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-02 06:18

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-02 06:18

Reported

2024-05-02 06:21

Platform

win7-20240221-en

Max time kernel

121s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ad1cbe205954a376de542fe8cdd6e971037386eb8afe86fee310555c6cf5a1ed.exe"

Signatures

MetaSploit

trojan backdoor metasploit

Processes

C:\Users\Admin\AppData\Local\Temp\ad1cbe205954a376de542fe8cdd6e971037386eb8afe86fee310555c6cf5a1ed.exe

"C:\Users\Admin\AppData\Local\Temp\ad1cbe205954a376de542fe8cdd6e971037386eb8afe86fee310555c6cf5a1ed.exe"

Network

Country Destination Domain Proto
US 192.210.162.147:80 tcp
US 192.210.162.147:80 tcp

Files

memory/2988-0-0x0000000000360000-0x0000000000361000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-02 06:18

Reported

2024-05-02 06:21

Platform

win10v2004-20240226-en

Max time kernel

142s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ad1cbe205954a376de542fe8cdd6e971037386eb8afe86fee310555c6cf5a1ed.exe"

Signatures

MetaSploit

trojan backdoor metasploit

Processes

C:\Users\Admin\AppData\Local\Temp\ad1cbe205954a376de542fe8cdd6e971037386eb8afe86fee310555c6cf5a1ed.exe

"C:\Users\Admin\AppData\Local\Temp\ad1cbe205954a376de542fe8cdd6e971037386eb8afe86fee310555c6cf5a1ed.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5240 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 79.121.231.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 192.210.162.147:80 tcp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
GB 142.250.187.234:443 tcp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 159.113.53.23.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 13.107.246.64:443 tcp
US 8.8.8.8:53 100.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 9.173.189.20.in-addr.arpa udp

Files

memory/1964-0-0x00000000093F0000-0x00000000093F1000-memory.dmp