metasploit | 6a69158fd60658de3fef73faed168c37943382faa9208025c0f4e13115dc0951 | Triage

Submit
Reports

Overview

overview

Static

static

8

6a69158fd6...51.doc

windows7-x64

6a69158fd6...51.doc

windows10-2004-x64

Sharing

General

Target

6a69158fd60658de3fef73faed168c37943382faa9208025c0f4e13115dc0951
Size

49KB
Sample

241116-1k2qdsvbnp
MD5

18d4a1198b787ded87086c77dbb0b81c
SHA1

94c553717ce3cd22fa319490e84689ebd17024c4
SHA256

6a69158fd60658de3fef73faed168c37943382faa9208025c0f4e13115dc0951
SHA512

bbe7266bc94a0b2bd95ef962dfdf36503da378e580ca91c363a68125b802ef5013202f70797ca445b96d5c1887e9b35493272be026a10631e78a29da2052b4cc
SSDEEP

384:Tcx6TNFHiSoqONljlX2EZtRsdF+pC/KBh50jQ:YizCH23+pZ

Score

10^/10

metasploit backdoor discovery macro macro_on_action trojan

Static task

static1

macro macro_on_action

1 signatures

Behavioral task

behavioral1

Sample

6a69158fd60658de3fef73faed168c37943382faa9208025c0f4e13115dc0951.doc

Resource

win7-20241023-en

metasploit backdoor discovery trojan

windows7-x64

8 signatures

60 seconds

Behavioral task

behavioral2

Sample

6a69158fd60658de3fef73faed168c37943382faa9208025c0f4e13115dc0951.doc

Resource

win10v2004-20241007-en

metasploit backdoor trojan

windows10-2004-x64

9 signatures

60 seconds

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

192.168.230.135:4444

Targets

- Target
  
  6a69158fd60658de3fef73faed168c37943382faa9208025c0f4e13115dc0951
- Size
  
  49KB
- MD5
  
  18d4a1198b787ded87086c77dbb0b81c
- SHA1
  
  94c553717ce3cd22fa319490e84689ebd17024c4
- SHA256
  
  6a69158fd60658de3fef73faed168c37943382faa9208025c0f4e13115dc0951
- SHA512
  
  bbe7266bc94a0b2bd95ef962dfdf36503da378e580ca91c363a68125b802ef5013202f70797ca445b96d5c1887e9b35493272be026a10631e78a29da2052b4cc
- SSDEEP
  
  384:Tcx6TNFHiSoqONljlX2EZtRsdF+pC/KBh50jQ:YizCH23+pZ
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Process spawned suspicious child process
  This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

macromacro_on_action

behavioral1

metasploitbackdoordiscoverytrojan

behavioral2

metasploitbackdoortrojan

© 2018-2024

Terms | Privacy