metasploit | cb098c62d95977af5fe670b3d9b42591148b3a94825e5ff0449ed370dec36d20 | Triage

Submit
Reports

Overview

overview

Static

static

8

cb098c62d9...20.doc

windows7-x64

cb098c62d9...20.doc

windows10-2004-x64

Sharing

General

Target

cb098c62d95977af5fe670b3d9b42591148b3a94825e5ff0449ed370dec36d20
Size

49KB
Sample

241102-z84dfsvqgs
MD5

018c63537f1e145b5c2f4862e6ffc3af
SHA1

95d39da36a3e1e1eb8385e553ae6a50d01edce2e
SHA256

cb098c62d95977af5fe670b3d9b42591148b3a94825e5ff0449ed370dec36d20
SHA512

249e8cdc5fec227244ee2dad39964a2e1f6e5b1c2d2f2300325b61c62d0abd13b97be0054f1b4a28119467dad30a82eb9d87aa8736f8745c3546ea68670ebd68
SSDEEP

768:4HQwM42VRHel+HiOE9MQfhcTgzs26WXUSTgjFeFaWM:iQwM42VJe8HcMO+ovTgjFeFaWM

Score

10^/10

metasploit backdoor discovery execution macro macro_on_action trojan

Static task

static1

macro macro_on_action

2 signatures

Behavioral task

behavioral1

Sample

cb098c62d95977af5fe670b3d9b42591148b3a94825e5ff0449ed370dec36d20.doc

Resource

win7-20241010-en

metasploit backdoor discovery execution trojan

windows7-x64

12 signatures

60 seconds

Behavioral task

behavioral2

Sample

cb098c62d95977af5fe670b3d9b42591148b3a94825e5ff0449ed370dec36d20.doc

Resource

win10v2004-20241007-en

metasploit backdoor discovery execution trojan

windows10-2004-x64

12 signatures

60 seconds

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

192.168.0.112:4444

Targets

- Target
  
  cb098c62d95977af5fe670b3d9b42591148b3a94825e5ff0449ed370dec36d20
- Size
  
  49KB
- MD5
  
  018c63537f1e145b5c2f4862e6ffc3af
- SHA1
  
  95d39da36a3e1e1eb8385e553ae6a50d01edce2e
- SHA256
  
  cb098c62d95977af5fe670b3d9b42591148b3a94825e5ff0449ed370dec36d20
- SHA512
  
  249e8cdc5fec227244ee2dad39964a2e1f6e5b1c2d2f2300325b61c62d0abd13b97be0054f1b4a28119467dad30a82eb9d87aa8736f8745c3546ea68670ebd68
- SSDEEP
  
  768:4HQwM42VRHel+HiOE9MQfhcTgzs26WXUSTgjFeFaWM:iQwM42VJe8HcMO+ovTgjFeFaWM
Score

10^/10

metasploit backdoor discovery execution trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

macromacro_on_action

behavioral1

metasploitbackdoordiscoveryexecutiontrojan

behavioral2

metasploitbackdoordiscoveryexecutiontrojan

© 2018-2025

Terms | Privacy