metasploit | b5f13b165130351b69e94586a8ed864262664a930496b412b80d9c3cf51ec1c5 | Triage

Submit
Reports

Overview

overview

Static

static

3

b5f13b1651...c5.exe

windows7-x64

7

b5f13b1651...c5.exe

windows10-2004-x64

Sharing

General

Target

b5f13b165130351b69e94586a8ed864262664a930496b412b80d9c3cf51ec1c5.exe
Size

8.5MB
Sample

241202-1g8pjatqcw
MD5

e90780d3da495c8ac3e0d31fa5e0af52
SHA1

f04a55edf97af3a26bfad64f33d9a9a2e0d732f8
SHA256

b5f13b165130351b69e94586a8ed864262664a930496b412b80d9c3cf51ec1c5
SHA512

a2b6502891b69141af5085bc9d6316657118eaf9e75c86689f2ff61d2f19a2ed97115d3e96fdb26591ccdbf6020152709c2f9eb407c787d7580bbe8abbff537e
SSDEEP

196608:93GDA2c4s3H5D5ySAhHj6glb97gNhR6xAnUmEK8Fccr9mq0jvK:L2twkHrpUt6ezEK8/MqovK

Score

10^/10

metasploit backdoor discovery pyinstaller trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b5f13b165130351b69e94586a8ed864262664a930496b412b80d9c3cf51ec1c5.exe

Resource

win7-20240903-en

discovery pyinstaller

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

b5f13b165130351b69e94586a8ed864262664a930496b412b80d9c3cf51ec1c5.exe

Resource

win10v2004-20241007-en

metasploit backdoor discovery pyinstaller trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

metasploit_stager

C2

192.168.59.129:1180

Targets

- Target
  
  b5f13b165130351b69e94586a8ed864262664a930496b412b80d9c3cf51ec1c5.exe
- Size
  
  8.5MB
- MD5
  
  e90780d3da495c8ac3e0d31fa5e0af52
- SHA1
  
  f04a55edf97af3a26bfad64f33d9a9a2e0d732f8
- SHA256
  
  b5f13b165130351b69e94586a8ed864262664a930496b412b80d9c3cf51ec1c5
- SHA512
  
  a2b6502891b69141af5085bc9d6316657118eaf9e75c86689f2ff61d2f19a2ed97115d3e96fdb26591ccdbf6020152709c2f9eb407c787d7580bbe8abbff537e
- SSDEEP
  
  196608:93GDA2c4s3H5D5ySAhHj6glb97gNhR6xAnUmEK8Fccr9mq0jvK:L2twkHrpUt6ezEK8/MqovK
Score

10^/10

discovery pyinstaller metasploit backdoor trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypyinstaller

behavioral2

metasploitbackdoordiscoverypyinstallertrojan

© 2018-2025

Terms | Privacy