metasploit | c6b203f66a77dd285afae967774b0ae6cccbafac1b436b3e977f30b757be3280 | Triage

Submit
Reports

Overview

overview

Static

static

8

c6b203f66a...80.doc

windows7-x64

c6b203f66a...80.doc

windows10-2004-x64

Sharing

General

Target

c6b203f66a77dd285afae967774b0ae6cccbafac1b436b3e977f30b757be3280
Size

42KB
Sample

241205-1g2wzssrdz
MD5

4cc91b9a5dfe93c3b37af0a5cdbd6b83
SHA1

a9efe1ad1127ba50814d6413efeab6770bc22df3
SHA256

c6b203f66a77dd285afae967774b0ae6cccbafac1b436b3e977f30b757be3280
SHA512

667db0a850bd7a934163babc76ea849de9ea3203f27fc44773184afc1a8590b0b41d707c569c97d700746ddd80febc5feba4a03cb68ee147e096c92319f7c6d2
SSDEEP

384:fi8iS8px8SMDfDRCttBXZtFyTz+pek/iuE/H7kyzQ/+DQCgN0jFp/:fq3ySZtFi+pekqRP5W+K6p/

Score

10^/10

metasploit backdoor discovery macro macro_on_action trojan

Static task

static1

macro macro_on_action

2 signatures

Behavioral task

behavioral1

Sample

c6b203f66a77dd285afae967774b0ae6cccbafac1b436b3e977f30b757be3280.doc

Resource

win7-20240903-en

metasploit backdoor discovery trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

c6b203f66a77dd285afae967774b0ae6cccbafac1b436b3e977f30b757be3280.doc

Resource

win10v2004-20241007-en

metasploit backdoor discovery trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://192.168.8.128:80/6Xlb

Attributes

headers User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1)

Targets

- Target
  
  c6b203f66a77dd285afae967774b0ae6cccbafac1b436b3e977f30b757be3280
- Size
  
  42KB
- MD5
  
  4cc91b9a5dfe93c3b37af0a5cdbd6b83
- SHA1
  
  a9efe1ad1127ba50814d6413efeab6770bc22df3
- SHA256
  
  c6b203f66a77dd285afae967774b0ae6cccbafac1b436b3e977f30b757be3280
- SHA512
  
  667db0a850bd7a934163babc76ea849de9ea3203f27fc44773184afc1a8590b0b41d707c569c97d700746ddd80febc5feba4a03cb68ee147e096c92319f7c6d2
- SSDEEP
  
  384:fi8iS8px8SMDfDRCttBXZtFyTz+pek/iuE/H7kyzQ/+DQCgN0jFp/:fq3ySZtFi+pekqRP5W+K6p/
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

macromacro_on_action

behavioral1

metasploitbackdoordiscoverytrojan

behavioral2

metasploitbackdoordiscoverytrojan

© 2018-2025

Terms | Privacy