metasploit | 582d283ac3f69c8878c07d0af4c95884335f7ba52210edf00645954b0ea5fe12 | Triage

Submit
Reports

Overview

overview

Static

static

8

582d283ac3...12.doc

windows7-x64

582d283ac3...12.doc

windows10-2004-x64

Sharing

General

Target

582d283ac3f69c8878c07d0af4c95884335f7ba52210edf00645954b0ea5fe12
Size

49KB
Sample

241102-z4akkswcnr
MD5

fcc8f7e62272436e33cac2072991ffd8
SHA1

8b4dee10d556864889cfbc089aee0dfc9f4df92a
SHA256

582d283ac3f69c8878c07d0af4c95884335f7ba52210edf00645954b0ea5fe12
SHA512

177f286b82d76add24d94bee8c08e0218c4fb104c015c22235217d17500bf391ae059d815cbec7e4ce859060506754f50e26c4705277edc37869eca1dded9d40
SSDEEP

768:ML3y9gMFeFaW4HiOE9h2VRHelsQfhcTgzs26WX0Sj:uy9gMFeFaW4Hch2VJe2O+oPj

Score

10^/10

metasploit backdoor discovery execution macro macro_on_action trojan

Static task

static1

macro macro_on_action

2 signatures

Behavioral task

behavioral1

Sample

582d283ac3f69c8878c07d0af4c95884335f7ba52210edf00645954b0ea5fe12.doc

Resource

win7-20240708-en

metasploit backdoor discovery execution trojan

windows7-x64

12 signatures

60 seconds

Behavioral task

behavioral2

Sample

582d283ac3f69c8878c07d0af4c95884335f7ba52210edf00645954b0ea5fe12.doc

Resource

win10v2004-20241007-en

metasploit backdoor discovery execution trojan

windows10-2004-x64

12 signatures

60 seconds

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

192.168.0.112:4444

Targets

- Target
  
  582d283ac3f69c8878c07d0af4c95884335f7ba52210edf00645954b0ea5fe12
- Size
  
  49KB
- MD5
  
  fcc8f7e62272436e33cac2072991ffd8
- SHA1
  
  8b4dee10d556864889cfbc089aee0dfc9f4df92a
- SHA256
  
  582d283ac3f69c8878c07d0af4c95884335f7ba52210edf00645954b0ea5fe12
- SHA512
  
  177f286b82d76add24d94bee8c08e0218c4fb104c015c22235217d17500bf391ae059d815cbec7e4ce859060506754f50e26c4705277edc37869eca1dded9d40
- SSDEEP
  
  768:ML3y9gMFeFaW4HiOE9h2VRHelsQfhcTgzs26WX0Sj:uy9gMFeFaW4Hch2VJe2O+oPj
Score

10^/10

metasploit backdoor discovery execution trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

macromacro_on_action

behavioral1

metasploitbackdoordiscoveryexecutiontrojan

behavioral2

metasploitbackdoordiscoveryexecutiontrojan

© 2018-2025

Terms | Privacy