metasploit | f0f5cfee985630355bc175f987235b3066463f20b7ec16eb6fe480dfe0826932 | Triage

Submit
Reports

Overview

overview

Static

static

7

f0f5cfee98...32.exe

windows7-x64

f0f5cfee98...32.exe

windows10-2004-x64

Sharing

General

Target

f0f5cfee985630355bc175f987235b3066463f20b7ec16eb6fe480dfe0826932
Size

2.8MB
Sample

240914-y1rh9atdqn
MD5

db1c6242f285f50771cad71249efd80d
SHA1

33ce7a04e430f97b0f0e5222bd8aa1959f033df6
SHA256

f0f5cfee985630355bc175f987235b3066463f20b7ec16eb6fe480dfe0826932
SHA512

499cead59cf73e5cae73899153c900d1df792b2be45803f2a166fbbb8857f0097daaea617b219a3b90f039f6c81434379fa77ffadbae54bee9a7435b7af1501f
SSDEEP

49152:ghf7RKIntJWvd0L20FlMqjNEEXUpr/wOli1hcEjqY4mZ/n:gN9Ed0pFlMEDX2rYwis/y

Score

10^/10

metasploit backdoor discovery evasion themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

f0f5cfee985630355bc175f987235b3066463f20b7ec16eb6fe480dfe0826932.exe

Resource

win7-20240903-en

metasploit backdoor discovery evasion themida trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

f0f5cfee985630355bc175f987235b3066463f20b7ec16eb6fe480dfe0826932.exe

Resource

win10v2004-20240802-en

metasploit backdoor discovery evasion themida trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

192.168.1.6:404

Targets

- Target
  
  f0f5cfee985630355bc175f987235b3066463f20b7ec16eb6fe480dfe0826932
- Size
  
  2.8MB
- MD5
  
  db1c6242f285f50771cad71249efd80d
- SHA1
  
  33ce7a04e430f97b0f0e5222bd8aa1959f033df6
- SHA256
  
  f0f5cfee985630355bc175f987235b3066463f20b7ec16eb6fe480dfe0826932
- SHA512
  
  499cead59cf73e5cae73899153c900d1df792b2be45803f2a166fbbb8857f0097daaea617b219a3b90f039f6c81434379fa77ffadbae54bee9a7435b7af1501f
- SSDEEP
  
  49152:ghf7RKIntJWvd0L20FlMqjNEEXUpr/wOli1hcEjqY4mZ/n:gN9Ed0pFlMEDX2rYwis/y
Score

10^/10

metasploit backdoor discovery evasion themida trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoveryevasionthemidatrojan

behavioral2

metasploitbackdoordiscoveryevasionthemidatrojan

© 2018-2025

Terms | Privacy