Malware Analysis Report

2024-09-23 03:46

Sample ID 240529-kd5wgahd47
Target rev5757.exe
SHA256 a46a489e9dd78df0b7aaa1c5af25a178bea9ff38a91ceaca71fc6ad6411640e2
Tags
metasploit backdoor trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

a46a489e9dd78df0b7aaa1c5af25a178bea9ff38a91ceaca71fc6ad6411640e2

Threat Level: Known bad

The file rev5757.exe was found to be: Known bad.

Malicious Activity Summary

metasploit backdoor trojan

Metasploit family

MetaSploit

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-29 08:30

Signatures

Metasploit family

metasploit

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-29 08:30

Reported

2024-05-29 08:32

Platform

win10v2004-20240508-en

Max time kernel

94s

Max time network

96s

Command Line

"C:\Users\Admin\AppData\Local\Temp\rev5757.exe"

Signatures

MetaSploit

trojan backdoor metasploit

Processes

C:\Users\Admin\AppData\Local\Temp\rev5757.exe

"C:\Users\Admin\AppData\Local\Temp\rev5757.exe"

Network

Country Destination Domain Proto
RU 94.139.242.7:5757 tcp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 91.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp

Files

memory/1348-0-0x0000000140000000-0x0000000140004278-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-29 08:30

Reported

2024-05-29 08:32

Platform

win7-20240419-en

Max time kernel

117s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\rev5757.exe"

Signatures

MetaSploit

trojan backdoor metasploit

Processes

C:\Users\Admin\AppData\Local\Temp\rev5757.exe

"C:\Users\Admin\AppData\Local\Temp\rev5757.exe"

Network

Country Destination Domain Proto
RU 94.139.242.7:5757 tcp

Files

memory/2052-0-0x0000000140000000-0x0000000140004278-memory.dmp