Overview

overview

10

Static

static

1

18917860a3...6.docm

windows7-x64

10

18917860a3...6.docm

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    18917860a380ce00275fc6e2be1edb1065bd8589e69361822ce8bee9382de7f6

  • Size

    83KB

  • Sample

    241112-12xg1awjbq

  • MD5

    e690c50a4bdfe105c8689e8b1bda9a62

  • SHA1

    5b7857d816c1dde669fae82d2eb1b63832968a79

  • SHA256

    18917860a380ce00275fc6e2be1edb1065bd8589e69361822ce8bee9382de7f6

  • SHA512

    933bfaa2098ab58d7016d8b5fe1989924c9ce93de8ec7bbd5e5ff498c33a11cdde721f196e5e74e0be3edfbb2fa0aaf43550f9e0b15088a6bd6724182cf47b1e

  • SSDEEP

    1536:2m+WqQuctgdrmM8o0BE3Nswkj+MB4jUgfASaAQ93MPinoTc0jUg8ifOXCla:H+X8Y3j9scMx5LAYMPinq8WOCU

Score
10/10
metasploitbackdoordiscoverytrojan

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/shell_bind_tcp

Targets

    • Target

      18917860a380ce00275fc6e2be1edb1065bd8589e69361822ce8bee9382de7f6

    • Size

      83KB

    • MD5

      e690c50a4bdfe105c8689e8b1bda9a62

    • SHA1

      5b7857d816c1dde669fae82d2eb1b63832968a79

    • SHA256

      18917860a380ce00275fc6e2be1edb1065bd8589e69361822ce8bee9382de7f6

    • SHA512

      933bfaa2098ab58d7016d8b5fe1989924c9ce93de8ec7bbd5e5ff498c33a11cdde721f196e5e74e0be3edfbb2fa0aaf43550f9e0b15088a6bd6724182cf47b1e

    • SSDEEP

      1536:2m+WqQuctgdrmM8o0BE3Nswkj+MB4jUgfASaAQ93MPinoTc0jUg8ifOXCla:H+X8Y3j9scMx5LAYMPinq8WOCU

    Score
    10/10
    metasploitbackdoordiscoverytrojan

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

      trojanbackdoormetasploit

    • Metasploit family

      metasploit

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks