Overview

overview

10

Static

static

3

cb6b1c3183...cs.exe

windows7-x64

1

cb6b1c3183...cs.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cb6b1c318381e0d84d5aca084beced80_NeikiAnalytics.exe

  • Size

    959KB

  • Sample

    240520-hst2eagg73

  • MD5

    cb6b1c318381e0d84d5aca084beced80

  • SHA1

    58c703af36b3f0ff5766b82752b7c6ff110f80dd

  • SHA256

    d24f9bc2a12b081e231eee4807c110ee33e0bd3ef88bb2fe5930da237e65ea8f

  • SHA512

    f4844cf45be991601fee7f458f3b072883cf683e58749e13b6e28f5c3a08c1e48669459384823775e3ae1f605d52412fc1f062103880ff29d0e86196335decc6

  • SSDEEP

    12288:7n7P4lVdgPJ38SmYcdBK0wVrghjdOdOx/XSgVz27Mfmq2KQ39:7n7wlV6PW1YABK0HZ27Mn

Score
10/10
metasploitbackdoortrojan

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

0.0.17.92:4444

Targets

    • Target

      cb6b1c318381e0d84d5aca084beced80_NeikiAnalytics.exe

    • Size

      959KB

    • MD5

      cb6b1c318381e0d84d5aca084beced80

    • SHA1

      58c703af36b3f0ff5766b82752b7c6ff110f80dd

    • SHA256

      d24f9bc2a12b081e231eee4807c110ee33e0bd3ef88bb2fe5930da237e65ea8f

    • SHA512

      f4844cf45be991601fee7f458f3b072883cf683e58749e13b6e28f5c3a08c1e48669459384823775e3ae1f605d52412fc1f062103880ff29d0e86196335decc6

    • SSDEEP

      12288:7n7P4lVdgPJ38SmYcdBK0wVrghjdOdOx/XSgVz27Mfmq2KQ39:7n7wlV6PW1YABK0HZ27Mn

    Score
    10/10
    metasploitbackdoortrojan

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

      trojanbackdoormetasploit

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks