metasploit | 282a263a77037f37ffc2e971012d639da55982b834a5f67eef5dcf43ef39cce1

Analysis

max time kernel
148s
max time network
149s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
26/09/2024, 14:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

backdoor-2.exe
Size

178KB
MD5

bf462b624cb0c75f30117a5fbf997186
SHA1

55cb2ba0d034ff5d06e890a0e4ea6763324693b4
SHA256

d8807d78b8ae0f7c1783db057cb63a60f6ea36fab7a90e7617d2083349f9bc81
SHA512

a6a7d010b24ba6200dd87fec834b5eea4c7dd0a5d28239fb0670c427ec397470f1d3550f30268fea9c5f03d872bba0070d992a86a333441c40e779cf59619556
SSDEEP

3072:lzqTC/VXu6wRe0Nc8QsCQG+NilMZXgHjf4+dSSD+qtlWbovFqwaawqSWS1RjbgO4:xqGdXu6wQ0Nc8QsxGNMZwDQoSbqOGFZ2

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

192.168.204.147:4444

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	backdoor-2.exe

C:\Users\Admin\AppData\Local\Temp\backdoor-2.exe
"C:\Users\Admin\AppData\Local\Temp\backdoor-2.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1852-0-0x0000000000400000-0x0000000000431598-memory.dmp

Filesize
197KB

Download
memory/1852-1-0x0000000000400000-0x0000000000431598-memory.dmp

Filesize
197KB

Download