General

  • Target

    cfb5f740f662cd134e5a114a9f041a0c320fba850b48874ff1d2c23ca6be3fb5

  • Size

    17KB

  • Sample

    240515-vt3q6abe29

  • MD5

    b89b02e73b9191bbae636a043a1bc765

  • SHA1

    d82d93d0d526b5dd36515c493a4c606ccaf3c787

  • SHA256

    cfb5f740f662cd134e5a114a9f041a0c320fba850b48874ff1d2c23ca6be3fb5

  • SHA512

    2dc14042e1533cd1f301665f8924c63df8cae5ce6b7d36afbe14ea755f913c84664a6f75b1ef82bb294f0b701e167b78cdb8129b6f3038cf5e87cb9bf44eb023

  • SSDEEP

    384:YKwAXXwpskBwiRtj8cgYI90TumDI2cl1caXU0cYulkXwJtb9jv:BXXXKHBxRtj8c6Ccl1caXFcoXwJtb9jv

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

192.168.12.128:5544

Targets

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its display window hidden.

MITRE ATT&CK Enterprise v15