Malware Analysis Report

2024-09-23 03:46

Sample ID 240529-kd5wgahd48
Target reverse.exe
SHA256 59c47216231f08ed7ce22f3a5b2bb281a3cd01670ca6c990d068736e42fbee74
Tags
metasploit backdoor trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

59c47216231f08ed7ce22f3a5b2bb281a3cd01670ca6c990d068736e42fbee74

Threat Level: Known bad

The file reverse.exe was found to be: Known bad.

Malicious Activity Summary

metasploit backdoor trojan

MetaSploit

Metasploit family

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-29 08:30

Signatures

Metasploit family

metasploit

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-29 08:30

Reported

2024-05-29 08:32

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\reverse.exe"

Signatures

MetaSploit

trojan backdoor metasploit

Processes

C:\Users\Admin\AppData\Local\Temp\reverse.exe

"C:\Users\Admin\AppData\Local\Temp\reverse.exe"

Network

Country Destination Domain Proto
BY 46.243.186.75:9090 tcp
US 8.8.8.8:53 75.186.243.46.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 91.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
NL 23.62.61.129:443 www.bing.com tcp
US 8.8.8.8:53 129.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 150.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp

Files

memory/264-0-0x0000000140000000-0x0000000140004278-memory.dmp

memory/264-1-0x00000000001B0000-0x00000000001E2000-memory.dmp

memory/264-2-0x0000000000700000-0x0000000000739000-memory.dmp

memory/264-7-0x0000000000700000-0x0000000000739000-memory.dmp

memory/264-8-0x0000000000700000-0x0000000000739000-memory.dmp

memory/264-15-0x0000000002560000-0x00000000025CB000-memory.dmp

memory/264-21-0x0000000002460000-0x0000000002560000-memory.dmp

memory/264-22-0x0000000000700000-0x0000000000739000-memory.dmp

memory/264-37-0x00000000025D0000-0x00000000025F9000-memory.dmp

memory/264-43-0x0000000000500000-0x0000000000600000-memory.dmp

memory/264-44-0x0000000000700000-0x0000000000739000-memory.dmp

memory/264-45-0x00000000001B0000-0x00000000001E2000-memory.dmp

memory/264-46-0x0000000002460000-0x0000000002560000-memory.dmp

memory/264-47-0x0000000000500000-0x0000000000600000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-29 08:30

Reported

2024-05-29 08:32

Platform

win7-20240221-en

Max time kernel

118s

Max time network

124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\reverse.exe"

Signatures

MetaSploit

trojan backdoor metasploit

Processes

C:\Users\Admin\AppData\Local\Temp\reverse.exe

"C:\Users\Admin\AppData\Local\Temp\reverse.exe"

Network

Country Destination Domain Proto
BY 46.243.186.75:9090 tcp

Files

memory/2220-0-0x0000000140000000-0x0000000140004278-memory.dmp