General

  • Target

    a485a724a0797a0cae1bc7f59e0403a3b77d42afacbc579aae41c458dfea2b0b

  • Size

    34KB

  • Sample

    241205-1mjbtszmcj

  • MD5

    ee86c554c2b0a1fd3b6b396970c0be5b

  • SHA1

    a477f901a2e6c97a05f81c877f05144180e400f7

  • SHA256

    a485a724a0797a0cae1bc7f59e0403a3b77d42afacbc579aae41c458dfea2b0b

  • SHA512

    f8f32e22eb8d18f93225fe3d422e27a3f7c6e93a5692873b28251b8cea1a924baf45459d08be35af97ee7c7a3bf4b5c22eb2465dc04ebc39ff9e9623606bb0d3

  • SSDEEP

    384:j2iSwvxjk+tV6L4Sivwre50j63+pz/nwQVlN3L:jZxw+tUdivnv+pHtL

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

127.0.0.1:4444

Note: the extracted C2 is a loopback address, so this build can only connect back to the host it runs on and will never reach an external listener from the sandbox. Treat it as a test or template build of the stager, not an operational implant; the payload family and stager type are still valid for detection.
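
Added example (not part of this sandbox report): a small Python config extractor that recovers the C2 host and port from a Metasploit reverse_tcp stager the way the "Malware Config" block above does. It searches for the sockaddr_in setup sequence of the public Metasploit x86 stager (`push <ip>; push <AF_INET|port>; mov esi, esp`) and x64 stager (`mov r12, <ip:port:AF_INET>; push r12`), decodes the fields, and flags loopback addresses. The `SAMPLE` bytes are constructed here to exercise both patterns; the file above is not embedded.

```python
import re
import socket
import struct
import sys

# Byte patterns of the sockaddr_in construction in the public Metasploit
# reverse_tcp stagers. Network byte order: AF_INET=2 (02 00), then port, then IP.
#
# x86:  68 <ip:4>           push <LHOST>
#       68 02 00 <port:2>   push <AF_INET | LPORT>
#       89 e6               mov esi, esp
X86_SOCKADDR = re.compile(rb"\x68(.{4})\x68\x02\x00(.{2})\x89\xe6", re.DOTALL)
#
# x64:  49 bc 02 00 <port:2> <ip:4>   mov r12, imm64
#       41 54                         push r12
X64_SOCKADDR = re.compile(rb"\x49\xbc\x02\x00(.{2})(.{4})\x41\x54", re.DOTALL)


def extract_reverse_tcp(data: bytes):
    """Return a list of (arch, ip, port) tuples for every stager sockaddr found."""
    hits = []
    for m in X86_SOCKADDR.finditer(data):
        ip = socket.inet_ntoa(m.group(1))
        port = struct.unpack(">H", m.group(2))[0]
        hits.append(("x86", ip, port))
    for m in X64_SOCKADDR.finditer(data):
        port = struct.unpack(">H", m.group(1))[0]
        ip = socket.inet_ntoa(m.group(2))
        hits.append(("x64", ip, port))
    return hits


def is_loopback(ip: str) -> bool:
    """Loopback C2 means the stager cannot leave the infected host: a test build."""
    return ip.startswith("127.")


def summarize(data: bytes):
    """Build a report-style dict (family / version / c2) like the page's Malware Config.
    The 'version' label mirrors the page; the value is the stager payload name."""
    hits = extract_reverse_tcp(data)
    if not hits:
        return None
    arch, ip, port = hits[0]
    return {
        "family": "metasploit",
        "version": "windows/reverse_tcp",
        "arch": arch,
        "c2": f"{ip}:{port}",
        "loopback": is_loopback(ip),
    }


# Constructed test input (not the sample from the report): an x86 stager fragment
# pointing at 127.0.0.1:4444 and an x64 fragment pointing at 10.0.0.5:443.
SAMPLE = (
    b"\x90" * 8
    + b"\x68\x7f\x00\x00\x01"      # push 0x0100007f -> 127.0.0.1
    + b"\x68\x02\x00\x11\x5c"      # push 0x5c110002 -> AF_INET, port 0x115c = 4444
    + b"\x89\xe6"                  # mov esi, esp
    + b"\x00" * 4
    + b"\x49\xbc\x02\x00\x01\xbb\x0a\x00\x00\x05"  # mov r12, AF_INET|443|10.0.0.5
    + b"\x41\x54"                  # push r12
    + b"\xcc" * 4
)


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for arch, ip, port in extract_reverse_tcp(blob):
        flag = " (loopback: test build, not operational)" if is_loopback(ip) else ""
        print(f"{arch} reverse_tcp C2 {ip}:{port}{flag}")
```

Run it with a file path to scan a real dropper or raw shellcode; with no argument it scans the constructed `SAMPLE`. The patterns match the unencoded stager only; a sample wrapped with an msfvenom encoder (for example shikata_ga_nai) has to be dumped from memory after decoding before this extractor will find the sockaddr.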

Targets

    • Target

      a485a724a0797a0cae1bc7f59e0403a3b77d42afacbc579aae41c458dfea2b0b

    • MetaSploit

      Detected a malicious payload that is part of the Metasploit Framework, most likely generated with msfvenom or a similar tool.

    • Metasploit family

    • Process spawned suspicious child process

      This child process is normally not spawned unless, for example, the parent process crashes, which usually indicates that an attempt to compromise the parent process was unsuccessful.
