General

  • Target

    eef92884c9d53cb6c44e370704c466ace9deea5ca30ff3f87d57826b17e2559f

  • Size

    287KB

  • Sample

    240512-h24bfaeb3s

  • MD5

    92f390f3cb3415d5a8a0288a78b28f27

  • SHA1

    24112f35a3eb494dd9f3aa0f5f655e64a54c440d

  • SHA256

    eef92884c9d53cb6c44e370704c466ace9deea5ca30ff3f87d57826b17e2559f

  • SHA512

    4d97c7b06c7119b37a59513d1049b09ddfc00f8abeec14c5f741e4f50aca92294467fdaafc587e106a6564efe2325858a992e33aa8e137955ba52a8498ff9368

  • SSDEEP

    6144:z5rnNHxNOCGBcJ/f4ywZfunnMARf4PZudC4z29ysAlgLdt42:dhHxNPmcJ/f4ynnMAtiKmyNk

Malware Config

Extracted

  • Family: metasploit
  • Version: windows/download_exec
  • C2: http://45.227.253.109:3216/ZhKO
  • Attributes
    • headers User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; LBBROWSER)

Targets

    • MetaSploit

      Detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or a similar tool.

    • Suspicious use of SetThreadContext
