metasploit | 004606b128065db893f73003ac380211c5df3c2cb2f0d7fe1e7a2b86250fe23d

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
20-09-2024 18:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

004606b128065db893f73003ac380211c5df3c2cb2f0d7fe1e7a2b86250fe23d.exe
Size

694KB
MD5

5481eb5fcbceea65f7af99712c08902b
SHA1

d3bf66c5079dc41de8d892a542f0de961c8e92a0
SHA256

004606b128065db893f73003ac380211c5df3c2cb2f0d7fe1e7a2b86250fe23d
SHA512

6cc747b01eda8bfd216ade247b20b2b349c3f119897687c3487e3eb5d32718a244848c20c5336759ab8479b05593fc78b3b06959c8c1c9b8b4860ad9ad73014a
SSDEEP

12288:v+Wlzv2JiPcjs2ctnjTPY44HapXi/Lsm9/940lTMdrtYEYFp3S:v+C2LjaBoHaEzm0yY

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

http://ratemitojo.co:8080/Go/pressreleases/TQPCAOEIG

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	004606b128065db893f73003ac380211c5df3c2cb2f0d7fe1e7a2b86250fe23d.exe

C:\Users\Admin\AppData\Local\Temp\004606b128065db893f73003ac380211c5df3c2cb2f0d7fe1e7a2b86250fe23d.exe
"C:\Users\Admin\AppData\Local\Temp\004606b128065db893f73003ac380211c5df3c2cb2f0d7fe1e7a2b86250fe23d.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3648-0-0x0000000000710000-0x0000000000758000-memory.dmp

Filesize
288KB

Download