metasploit | d08608f55166b09ee456ae41b91c4a7c61c97e93bc6b73459abf2af1ba7c65b6 | Triage

Submit
Reports

Overview

overview

Static

static

8

d08608f551...b6.doc

windows7-x64

d08608f551...b6.doc

windows10-2004-x64

Sharing

General

Target

d08608f55166b09ee456ae41b91c4a7c61c97e93bc6b73459abf2af1ba7c65b6
Size

89KB
Sample

240520-jlh61aah8y
MD5

9cfe249d2fdb722a8f31391c6b40df40
SHA1

52bde90ca7ff5a70e29b7fcc2bb69827ce024b16
SHA256

d08608f55166b09ee456ae41b91c4a7c61c97e93bc6b73459abf2af1ba7c65b6
SHA512

5e03b1514d1a8ad835c70a251bc44b91287ef0c222d77d5e015757bbc741588fc17a65f0cee48ffe3fe63fc39adec959bbf0a54d5e26908712a9b39c79f32fb3
SSDEEP

768:KG03gLqYrwYMRXDh+peBqr0WCTmHVxOBfPpTMJHJlyl68K:k3gLyYMRDh+peBk0WCTOxOBnpelyl6n

Score

10^/10

metasploit backdoor macro macro_on_action trojan

Static task

static1

macro macro_on_action

1 signatures

Behavioral task

behavioral1

Sample

d08608f55166b09ee456ae41b91c4a7c61c97e93bc6b73459abf2af1ba7c65b6.doc

Resource

win7-20240419-en

metasploit backdoor trojan

windows7-x64

9 signatures

60 seconds

Behavioral task

behavioral2

Sample

d08608f55166b09ee456ae41b91c4a7c61c97e93bc6b73459abf2af1ba7c65b6.doc

Resource

win10v2004-20240508-en

metasploit backdoor trojan

windows10-2004-x64

7 signatures

60 seconds

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://192.168.78.133:44444fengling

Attributes

headers User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; BOIE9;NLNL)

Targets

- Target
  
  d08608f55166b09ee456ae41b91c4a7c61c97e93bc6b73459abf2af1ba7c65b6
- Size
  
  89KB
- MD5
  
  9cfe249d2fdb722a8f31391c6b40df40
- SHA1
  
  52bde90ca7ff5a70e29b7fcc2bb69827ce024b16
- SHA256
  
  d08608f55166b09ee456ae41b91c4a7c61c97e93bc6b73459abf2af1ba7c65b6
- SHA512
  
  5e03b1514d1a8ad835c70a251bc44b91287ef0c222d77d5e015757bbc741588fc17a65f0cee48ffe3fe63fc39adec959bbf0a54d5e26908712a9b39c79f32fb3
- SSDEEP
  
  768:KG03gLqYrwYMRXDh+peBqr0WCTmHVxOBfPpTMJHJlyl68K:k3gLyYMRDh+peBk0WCTOxOBnpelyl6n
Score

10^/10

metasploit backdoor trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

macromacro_on_action

behavioral1

metasploitbackdoortrojan

behavioral2

metasploitbackdoortrojan

© 2018-2024

Terms | Privacy