metasploit | f2cba176c9681c60d16e7ac717c0ad8f2531cf36203da4651db23bb1d2b33b19 | Triage

Submit
Reports

Overview

overview

Static

static

8

f2cba176c9...19.doc

windows7-x64

f2cba176c9...19.doc

windows10-2004-x64

Sharing

General

Target

f2cba176c9681c60d16e7ac717c0ad8f2531cf36203da4651db23bb1d2b33b19
Size

42KB
Sample

240919-12ebestaqg
MD5

ae49b622fdf810ce4a50b175e14274b5
SHA1

1a4da0c5a23fbfd005c2dbe9a693eb3cb1c3500b
SHA256

f2cba176c9681c60d16e7ac717c0ad8f2531cf36203da4651db23bb1d2b33b19
SHA512

043bc03265b21b401712822a098c34a3dc548fe65e22978bd498761be8542b9842028a1edc0936c41910accc015ecfd24c48ed64044347ee3d7bb0d3fd5c1daa
SSDEEP

384:ArtiSt3AfPpNGPTGO+peS/iGvOq5UsizZTFzTChT50jxbfoHt:4J3qxS+peSqmUsineTGbfo

Score

10^/10

metasploit backdoor discovery macro macro_on_action trojan

Static task

static1

macro macro_on_action

1 signatures

Behavioral task

behavioral1

Sample

f2cba176c9681c60d16e7ac717c0ad8f2531cf36203da4651db23bb1d2b33b19.doc

Resource

win7-20240903-en

metasploit backdoor discovery trojan

windows7-x64

8 signatures

60 seconds

Behavioral task

behavioral2

Sample

f2cba176c9681c60d16e7ac717c0ad8f2531cf36203da4651db23bb1d2b33b19.doc

Resource

win10v2004-20240802-en

metasploit backdoor discovery trojan

windows10-2004-x64

8 signatures

60 seconds

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://192.168.211.143:443/hCaP

Attributes

headers User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; yie9)

Targets

- Target
  
  f2cba176c9681c60d16e7ac717c0ad8f2531cf36203da4651db23bb1d2b33b19
- Size
  
  42KB
- MD5
  
  ae49b622fdf810ce4a50b175e14274b5
- SHA1
  
  1a4da0c5a23fbfd005c2dbe9a693eb3cb1c3500b
- SHA256
  
  f2cba176c9681c60d16e7ac717c0ad8f2531cf36203da4651db23bb1d2b33b19
- SHA512
  
  043bc03265b21b401712822a098c34a3dc548fe65e22978bd498761be8542b9842028a1edc0936c41910accc015ecfd24c48ed64044347ee3d7bb0d3fd5c1daa
- SSDEEP
  
  384:ArtiSt3AfPpNGPTGO+peS/iGvOq5UsizZTFzTChT50jxbfoHt:4J3qxS+peSqmUsineTGbfo
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

macromacro_on_action

behavioral1

metasploitbackdoordiscoverytrojan

behavioral2

metasploitbackdoordiscoverytrojan

© 2018-2025

Terms | Privacy