General

  • Target

    cs1.zip

  • Size

    550KB

  • Sample

    240601-xjvznscd96

  • MD5

    e3c79cb1d84fad2b567cac851e216d67

  • SHA1

    6576861ca202d6d3dcffdcf2048c7a7621abcd4d

  • SHA256

    92a439c2c5d3bb748830980a81137bfdde5dd0c4ff4d09fd32f969d613011f2c

  • SHA512

    427e8a247bc8d163a8ef4c9d126249232bb15fb100a2c91f7ba7bd6c25d29cd7e4819a368472f17c84a800d4d0c32cd351a32b18fa4474e7428426f9b6af5210

  • SSDEEP

    12288:tykY9ZIKzEIM3er8W4KVGZOcXzN6zNsmZsjYdG5+gco2GZw1Zd:E87IM3SY4Gg6zEzh1O+gcCw1X

Malware Config

Extracted

  • Family

    metasploit

  • Version

    windows/exec

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper: http://web.danger.mal/danger

Targets

    • Target

      sample1.exe_

    • Size

      83KB

    • MD5

      dec37e4b834cf3a9a78475fec06255db

    • SHA1

      bc6a9f3dd99e40dfe34ba8c64401027a3d86d2bc

    • SHA256

      075a8576bb2f75bf56cfa8c88727011ac66f176ca5abe2a78978c556577e5058

    • SHA512

      8402a9206285014fe6ab3752433835a7f907406d2c5fb23204a567d3f9940c844578ee525c64b6a67d81bf0983e7d3972fb2380d822cc9fd08eec098749d4a77

    • SSDEEP

      1536:Icus7AQXjNta73Jah9UFBD3JMb+KR0Nc8QsJq3Gnq3+/q3DlHq3/:lAYhta7ouJe0Nc8QsCzDDm/

    • MetaSploit

      Detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or a similar tool.

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Target

      sample2.exe_

    • Size

      510KB

    • MD5

      6fdc5264c5c71742999be0c978690b49

    • SHA1

      c925627be4ea4c1b993023e7ab55133b0b87b449

    • SHA256

      31bf9b187a5c929081a271966eaf6c97a7eabfd27198520016dad9a47be50fb8

    • SHA512

      cd36f373d339be5a7fe9a558cb78ef1edf4c3834ac4e1f21c94bedd08a3763b0d6f7018485a231fbe2f5394c84c92f61c36cb4b0200238a4d943a227becb2ca1

    • SSDEEP

      12288:OHIefBR4nHxRDUW5MgDyM1eNpd1NvYF9vAijxl83004uzwWS:WIefBo6czynfXk9vACl830ZuY

    Score
    1/10

MITRE ATT&CK Matrix ATT&CK v13

  • Execution

    Command and Scripting Interpreter (T1059): 1

    PowerShell (T1059.001): 1

  • Persistence

    Account Manipulation (T1098): 1

Tasks