metasploit | b51273fbe5651c8a048968eeb13692cbecc8b53626869e34c680ffcc6868adcf | Triage

Submit
Reports

Overview

overview

Static

static

3

b51273fbe5...cf.exe

windows7-x64

7

b51273fbe5...cf.exe

windows10-2004-x64

Sharing

General

Target

b51273fbe5651c8a048968eeb13692cbecc8b53626869e34c680ffcc6868adcf
Size

8.5MB
Sample

241130-pl98daxrhl
MD5

24bbe3f36cec28abbfe40736cd74e2d0
SHA1

169a7c1b7c1b0e897d56e9d18c6b0e27c0eb3cdc
SHA256

b51273fbe5651c8a048968eeb13692cbecc8b53626869e34c680ffcc6868adcf
SHA512

910ffc815e242072660e256d682ee2f78c4204e3e4826dcc8450dbbdd5c8f40dfcaf242f51dce78b1fb5cd59442969c222fce63298dac0013f43d10ff7be545b
SSDEEP

196608:93GDA2c4s3H5D5ySAhHj6glb97gNhR6xAnUmEK8Fccr9mq0jvO:L2twkHrpUt6ezEK8/MqovO

Score

10^/10

metasploit backdoor discovery pyinstaller trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b51273fbe5651c8a048968eeb13692cbecc8b53626869e34c680ffcc6868adcf.exe

Resource

win7-20240903-en

discovery pyinstaller

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

b51273fbe5651c8a048968eeb13692cbecc8b53626869e34c680ffcc6868adcf.exe

Resource

win10v2004-20241007-en

metasploit backdoor discovery pyinstaller trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

metasploit_stager

C2

192.168.59.129:1180

Targets

- Target
  
  b51273fbe5651c8a048968eeb13692cbecc8b53626869e34c680ffcc6868adcf
- Size
  
  8.5MB
- MD5
  
  24bbe3f36cec28abbfe40736cd74e2d0
- SHA1
  
  169a7c1b7c1b0e897d56e9d18c6b0e27c0eb3cdc
- SHA256
  
  b51273fbe5651c8a048968eeb13692cbecc8b53626869e34c680ffcc6868adcf
- SHA512
  
  910ffc815e242072660e256d682ee2f78c4204e3e4826dcc8450dbbdd5c8f40dfcaf242f51dce78b1fb5cd59442969c222fce63298dac0013f43d10ff7be545b
- SSDEEP
  
  196608:93GDA2c4s3H5D5ySAhHj6glb97gNhR6xAnUmEK8Fccr9mq0jvO:L2twkHrpUt6ezEK8/MqovO
Score

10^/10

discovery pyinstaller metasploit backdoor trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypyinstaller

behavioral2

metasploitbackdoordiscoverypyinstallertrojan

© 2018-2025

Terms | Privacy