metasploit | 796409250cfb873f26a814361b5c27c030b5f8e4afc5bba11a9866ab61ba15e5 | Triage

Submit
Reports

Overview

overview

Static

static

8

796409250c...e5.xls

windows7-x64

796409250c...e5.xls

windows10-2004-x64

Sharing

General

Target

796409250cfb873f26a814361b5c27c030b5f8e4afc5bba11a9866ab61ba15e5
Size

57KB
Sample

241106-zz2hhazpbk
MD5

350628b96da81b057576d8fdf76ee672
SHA1

a8a9e74fbfec12985d4623c5895602ebed90af5f
SHA256

796409250cfb873f26a814361b5c27c030b5f8e4afc5bba11a9866ab61ba15e5
SHA512

935a53d82fc96c408e10ee8d41c93d16f16b404bb3f53da679679703de95a27615d7e6a06466de6ac05f88b233c27818e14a4a37be3f888aa56812f705446d99
SSDEEP

1536:qXk3hbdlylKsgqopeJBWhZFGkE+cL2NdANcw+pmgaCI2S:qXk3hbdlylKsgqopeJBWhZFGkE+cL2N8

Score

10^/10

metasploit backdoor discovery macro macro_on_action trojan

Static task

static1

macro macro_on_action

1 signatures

Behavioral task

behavioral1

Sample

796409250cfb873f26a814361b5c27c030b5f8e4afc5bba11a9866ab61ba15e5.xls

Resource

win7-20240903-en

metasploit backdoor discovery trojan

windows7-x64

7 signatures

60 seconds

Behavioral task

behavioral2

Sample

796409250cfb873f26a814361b5c27c030b5f8e4afc5bba11a9866ab61ba15e5.xls

Resource

win10v2004-20241007-en

metasploit backdoor trojan

windows10-2004-x64

10 signatures

60 seconds

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_http

C2

http://192.168.122.181:4444/Z5fVFI8ZO_ePmY6Y6r2OMAPLsk9oL1gmxjeNy

Targets

- Target
  
  796409250cfb873f26a814361b5c27c030b5f8e4afc5bba11a9866ab61ba15e5
- Size
  
  57KB
- MD5
  
  350628b96da81b057576d8fdf76ee672
- SHA1
  
  a8a9e74fbfec12985d4623c5895602ebed90af5f
- SHA256
  
  796409250cfb873f26a814361b5c27c030b5f8e4afc5bba11a9866ab61ba15e5
- SHA512
  
  935a53d82fc96c408e10ee8d41c93d16f16b404bb3f53da679679703de95a27615d7e6a06466de6ac05f88b233c27818e14a4a37be3f888aa56812f705446d99
- SSDEEP
  
  1536:qXk3hbdlylKsgqopeJBWhZFGkE+cL2NdANcw+pmgaCI2S:qXk3hbdlylKsgqopeJBWhZFGkE+cL2N8
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Process spawned suspicious child process
  This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

macromacro_on_action

behavioral1

metasploitbackdoordiscoverytrojan

behavioral2

metasploitbackdoortrojan

© 2018-2024

Terms | Privacy