metasploit | 2f5f80988ddc00ec348c20786d460572752e59dac4e55b0b612bc1b444437009

Analysis

max time kernel
105s
max time network
113s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
06/11/2024, 20:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2f5f80988ddc00ec348c20786d460572752e59dac4e55b0b612bc1b444437009N.exe
Size

72KB
MD5

85d61e7a65007944e2a0d42d4f2c63c0
SHA1

fc628b2c4d5e48ef7af356da45875948be388381
SHA256

2f5f80988ddc00ec348c20786d460572752e59dac4e55b0b612bc1b444437009
SHA512

6f053e31612cc00f6331333e439212b43a5b0a130b682f9e0c425670e113135b35cab7a9e0f6329420ee95d98881d6e9af9ca9dca2d813ee07c9d02be9bd27c8
SSDEEP

1536:IzT7Xfd//W6mssXBHCTN/hE2dFMb+KR0Nc8QsJq39:eTrdRb2CB/e2dFe0Nc8QsC9

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

172.0.16.6:4444

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit
Metasploit family
metasploit

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2f5f80988ddc00ec348c20786d460572752e59dac4e55b0b612bc1b444437009N.exe

C:\Users\Admin\AppData\Local\Temp\2f5f80988ddc00ec348c20786d460572752e59dac4e55b0b612bc1b444437009N.exe
"C:\Users\Admin\AppData\Local\Temp\2f5f80988ddc00ec348c20786d460572752e59dac4e55b0b612bc1b444437009N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3024-0-0x0000000000570000-0x0000000000571000-memory.dmp

Filesize
4KB

Download