metasploit | 01cf0a47ab01d55fdea021a5119ee23d600ed9a75ca4a820a9529e8aed5956b9

Analysis

max time kernel
144s
max time network
148s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
18-10-2024 09:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

putty.exe
Size

395KB
MD5

d71b5ceb7e95998303d0a8543651a4f4
SHA1

75b8b9dc04fb89b4d2d10550a01c97f0d7c2eccf
SHA256

faf6a88f7009bcb34f39ca11e7b1968b9666ee10609ad49ba8cf32e36c2ad397
SHA512

4604df3c9dd737d4164662ad51abba544209b1e1391941effa16c15d51f213ad389c3e1ddd9bd278b996ede8236fae7f3ccc766a03e24487c9384206b168b295
SSDEEP

6144:kzrx7YDzTKyYWx4mGv0bYzk95tax6cyS/glgBuRI/uU0JPmVn7OCkpkdt4:ydqvKIfGv0Mk5taXd/o6ui2wtJkSH4

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_http

http://10.30.5.18:443/bF-9vFVEfZj6K_sqnIb4qwyeW3TSVEsP3Rt0oyRFteYLHOCyaf5_iVoLDbKGuupIaFCahtb7rv2X-_iXCWgVioDqrcw_vST0wsWO9IehOfIAcs1pgSzdJS1OEilhzj0vO78Fq5e7iojhnliBsv_krDH2_F8mXDisqKHJDt6Vs3mo8_tUfncBA5gG08Fe-z7NwLVNoL

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	putty.exe

C:\Users\Admin\AppData\Local\Temp\putty.exe
"C:\Users\Admin\AppData\Local\Temp\putty.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2012-0-0x000000007478E000-0x000000007478F000-memory.dmp

Filesize
4KB

Download
memory/2012-1-0x0000000000AE0000-0x0000000000B48000-memory.dmp

Filesize
416KB

Download
memory/2012-2-0x00000000004B0000-0x00000000004B1000-memory.dmp

Filesize
4KB

Download
memory/2012-3-0x0000000074780000-0x0000000074E6E000-memory.dmp

Filesize
6.9MB

Download
memory/2012-4-0x0000000074780000-0x0000000074E6E000-memory.dmp

Filesize
6.9MB

Download