metasploit | ef809ac4fbe2ad04c3749e8eda925331faf468546c7d99823212c6c683796402 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

ef809ac4fb...02.exe

windows7-x64

ef809ac4fb...02.exe

windows10-2004-x64

Sharing

General

Target

ef809ac4fbe2ad04c3749e8eda925331faf468546c7d99823212c6c683796402.exe
Size

3.0MB
Sample

241123-m8xjpatmds
MD5

1af5edf02ff8abfff316ece781becef5
SHA1

f5bc98cca3a51efe991829d33f639fddd7ed1adc
SHA256

ef809ac4fbe2ad04c3749e8eda925331faf468546c7d99823212c6c683796402
SHA512

7703f6d52625281b0c889fa6c9006dbc445f966af72c2770bffd0a4655f2f1c778a68a9f3ed23f4410caa48df7418deb3ea890e2c92145ba4e9f50b36803435a
SSDEEP

98304:e69201BfKEpPx+gsDcApAbbXWKIpHmgxQAHfqL892:my0gYJmbbXWjpH/Hr2

Score

10^/10

metasploit backdoor discovery persistence privilege_escalation trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ef809ac4fbe2ad04c3749e8eda925331faf468546c7d99823212c6c683796402.exe

Resource

win7-20240903-en

metasploit backdoor discovery persistence privilege_escalation trojan

windows7-x64

15 signatures

120 seconds

Behavioral task

behavioral2

Sample

ef809ac4fbe2ad04c3749e8eda925331faf468546c7d99823212c6c683796402.exe

Resource

win10v2004-20241007-en

metasploit backdoor discovery trojan

windows10-2004-x64

4 signatures

120 seconds

Malware Config

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

192.168.147.128:4444

Targets

- Target
  
  ef809ac4fbe2ad04c3749e8eda925331faf468546c7d99823212c6c683796402.exe
- Size
  
  3.0MB
- MD5
  
  1af5edf02ff8abfff316ece781becef5
- SHA1
  
  f5bc98cca3a51efe991829d33f639fddd7ed1adc
- SHA256
  
  ef809ac4fbe2ad04c3749e8eda925331faf468546c7d99823212c6c683796402
- SHA512
  
  7703f6d52625281b0c889fa6c9006dbc445f966af72c2770bffd0a4655f2f1c778a68a9f3ed23f4410caa48df7418deb3ea890e2c92145ba4e9f50b36803435a
- SSDEEP
  
  98304:e69201BfKEpPx+gsDcApAbbXWKIpHmgxQAHfqL892:my0gYJmbbXWjpH/Hr2
Score

10^/10

metasploit backdoor discovery persistence privilege_escalation trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Change Default File Association

Component Object Model Hijacking

Privilege Escalation

Event Triggered Execution

Change Default File Association

Component Object Model Hijacking

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoverypersistenceprivilege_escalationtrojan

behavioral2

metasploitbackdoordiscoverytrojan

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.