Malware Analysis Report

2024-09-23 03:58

Sample ID 240530-zg1s9ahe7w
Target out(2).exe
SHA256 a1269f6eefff0b0e145d2f319ab988a70f35db6a1cc644eeb8c30732702b332d
Tags
metasploit backdoor trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

a1269f6eefff0b0e145d2f319ab988a70f35db6a1cc644eeb8c30732702b332d

Threat Level: Known bad

The file out(2).exe was found to be: Known bad.

Malicious Activity Summary

metasploit backdoor trojan

Metasploit family

MetaSploit

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-30 20:42

Signatures

Metasploit family

metasploit

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-30 20:42

Reported

2024-05-30 20:44

Platform

win10-20240404-en

Max time kernel

147s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\out(2).exe"

Signatures

MetaSploit

trojan backdoor metasploit

Processes

C:\Users\Admin\AppData\Local\Temp\out(2).exe

"C:\Users\Admin\AppData\Local\Temp\out(2).exe"

Network

Country Destination Domain Proto
US 54.172.225.3:27844 tcp
US 8.8.8.8:53 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa udp
US 8.8.8.8:53 49.192.11.51.in-addr.arpa udp

Files

memory/4812-0-0x0000000140000000-0x0000000140004278-memory.dmp