metasploit | 328cd97394fc1bdd4f7ff410d4617313fa86f7378fe8c31c9dc1b2ef7fa4ad75 | Triage

Submit
Reports

Overview

overview

Static

static

328cd97394...75.exe

windows7-x64

328cd97394...75.exe

windows10-2004-x64

Sharing

General

Target

328cd97394fc1bdd4f7ff410d4617313fa86f7378fe8c31c9dc1b2ef7fa4ad75
Size

255KB
Sample

240601-ys2z1sec64
MD5

31264aee72db89daba8014e491e3e8c9
SHA1

8a301f56d5952e8504ac955385a572bc34d0987f
SHA256

328cd97394fc1bdd4f7ff410d4617313fa86f7378fe8c31c9dc1b2ef7fa4ad75
SHA512

11a688aa66a36fefd7054efbb3a95a7b38dc601f48214b87a1aa83d88d61578b3a938c97c2150352f2834bde6a1cddaf4a70609c3ce84d405f05abac90aef857
SSDEEP

3072:fTAjnioLO7WpLyLNZ45OlTZHiKb8ljJ3ijAviJcfM698RyOiy12KJ3qi4YgTl:f6nrD0ZvRcjcOiJ+98X2sfXg

Score

10^/10

metasploit backdoor bootkit persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

328cd97394fc1bdd4f7ff410d4617313fa86f7378fe8c31c9dc1b2ef7fa4ad75.exe

Resource

win7-20240221-en

metasploit backdoor bootkit persistence trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

328cd97394fc1bdd4f7ff410d4617313fa86f7378fe8c31c9dc1b2ef7fa4ad75.exe

Resource

win10v2004-20240426-en

metasploit backdoor bootkit persistence trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

windows/single_exec

Targets

- Target
  
  328cd97394fc1bdd4f7ff410d4617313fa86f7378fe8c31c9dc1b2ef7fa4ad75
- Size
  
  255KB
- MD5
  
  31264aee72db89daba8014e491e3e8c9
- SHA1
  
  8a301f56d5952e8504ac955385a572bc34d0987f
- SHA256
  
  328cd97394fc1bdd4f7ff410d4617313fa86f7378fe8c31c9dc1b2ef7fa4ad75
- SHA512
  
  11a688aa66a36fefd7054efbb3a95a7b38dc601f48214b87a1aa83d88d61578b3a938c97c2150352f2834bde6a1cddaf4a70609c3ce84d405f05abac90aef857
- SSDEEP
  
  3072:fTAjnioLO7WpLyLNZ45OlTZHiKb8ljJ3ijAviJcfM698RyOiy12KJ3qi4YgTl:f6nrD0ZvRcjcOiJ+98X2sfXg
Score

10^/10

metasploit backdoor bootkit persistence trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Auto-generated rule
- Detects Reflective DLL injection artifacts
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

metasploitbackdoorbootkitpersistencetrojan

behavioral2

metasploitbackdoorbootkitpersistencetrojan

© 2018-2024

Terms | Privacy