General

  • Target

    6cca05a67555dffeb4069f1b57ef2c3ca9f01b3bba6c8f69c4fd2c26256b0628

  • Size

    76KB

  • Sample

    240920-jz58paxaqp

  • MD5

    6749d033acc7831369838214f516d30e

  • SHA1

    62629c3c670e996474f75fdbc4ac67c756ba19a2

  • SHA256

    6cca05a67555dffeb4069f1b57ef2c3ca9f01b3bba6c8f69c4fd2c26256b0628

  • SHA512

    f5bb4b402758df9bd156c8b94d93abfadd4291105812ac2282ca8af8e99686b6bb398ef3867e2ef2f6ba75977f71b7f891eb398e9a46fb1ca970c29ad8ec2de9

  • SSDEEP

    768:Iixw+tHKI43TqiVZHyrJ+pXrRDBjg/wekD/r6:fxrtqkrJ+pXdq/wRO

Malware Config

Extracted

  • Family

    metasploit

  • Version

    windows/reverse_tcp

  • C2

    10.127.253.25:555

Targets

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v15
