Overview

overview

10

Static

static

10

evil.pdf

windows7-x64

10

evil.pdf

windows10-2004-x64

1

template.exe

windows7-x64

10

template.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    evil.pdf

  • Size

    45KB

  • Sample

    240517-wtpd7scb85

  • MD5

    c6ca50ccdaf2ef75643219163577757b

  • SHA1

    7c14123f39d5c137e3d4412c392c962c29fcb7f7

  • SHA256

    d59e9f301dc89d6e45cd695d8274bcaac4ed6b745369c3455c4343fdc61819b4

  • SHA512

    d1c5ec9fa2ffa4f89e9658e0cc9b733f23c9e03252353eac9d7d1ade720af889ee950e1162be9e55c0a19fd678abd095e39e5fb6fe65542f55afd0b9729e24e2

  • SSDEEP

    768:cd/lECC1jelyqCs2u3jx/Top3CAzf2sNGA3TV3k+zmQpEXtUROwr4XGtLIbuXwkT:c8xoLCBuTqhTzuI3TVnJwwr8buXlZ

Score
10/10
metasploitbackdoorjavascriptpdftrojan

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

146.19.191.45:4444

Targets

    • Target

      evil.pdf

    • Size

      45KB

    • MD5

      c6ca50ccdaf2ef75643219163577757b

    • SHA1

      7c14123f39d5c137e3d4412c392c962c29fcb7f7

    • SHA256

      d59e9f301dc89d6e45cd695d8274bcaac4ed6b745369c3455c4343fdc61819b4

    • SHA512

      d1c5ec9fa2ffa4f89e9658e0cc9b733f23c9e03252353eac9d7d1ade720af889ee950e1162be9e55c0a19fd678abd095e39e5fb6fe65542f55afd0b9729e24e2

    • SSDEEP

      768:cd/lECC1jelyqCs2u3jx/Top3CAzf2sNGA3TV3k+zmQpEXtUROwr4XGtLIbuXwkT:c8xoLCBuTqhTzuI3TVnJwwr8buXlZ

    Score
    10/10
    metasploitbackdoortrojan

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

      trojanbackdoormetasploit

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

    • Target

      template.pdf

    • Size

      72KB

    • MD5

      a0dadf4c06912afefea51d1d856a3eff

    • SHA1

      a0e23b70d0d1e9880c4129f2a7b65133b72f8738

    • SHA256

      5cfe86dcaed78ccabd079cb809786104314f73d5127c3ed6814bac9b1374fce8

    • SHA512

      491fd6fe42e2856c9ff59d950cf7330f10e3ec969dcfe4c670e2e75931ecb5049a7c765dea23f4a4db64ea2f7075dd64f43a3b3a257876c72e8553ad433d3af8

    • SSDEEP

      1536:IEsLiNBAADyEPVwTU9/c2GlVYMb+KR0Nc8QsJq39:CetmBUJGQe0Nc8QsC9

    Score
    10/10
    metasploitbackdoortrojan

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

      trojanbackdoormetasploit
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks