General

  • Target: 6d58d411c57b139a09a7ba8909529d5c5caf8d678066ffef0d19b889529e4b39N.exe
  • Size: 17KB
  • Sample: 241205-tdn3dsxnan
  • MD5: 37b3c02b102fd694f736477b9862fdd0
  • SHA1: 48ff7d04054dc85c29a103b53bbe60cb04f48418
  • SHA256: 6d58d411c57b139a09a7ba8909529d5c5caf8d678066ffef0d19b889529e4b39
  • SHA512: 498d8c5ed42ac24aeeffef94081098eccb1245e14a1b3e22414fa867fad89457906c45e0cc63c3f4a34c18817f156fa2703a4ed456c05182f6932fa3b1f2bb14
  • SSDEEP: 384:HEEoLO56ayzcMj+/4y8qYj1jewPbcY5+INel1nfTJYQ:kE8O56lcV/4yrwPbcU+INenfTSQ

Malware Config

Extracted

  • Family: metasploit
  • Version: encoder/shikata_ga_nai

Extracted

  • Family: metasploit
  • Version: windows/reverse_tcp
  • C2: 192.168.1.110:4444

Targets

    • Target: 6d58d411c57b139a09a7ba8909529d5c5caf8d678066ffef0d19b889529e4b39N.exe
    • Size: 17KB
    • MD5: 37b3c02b102fd694f736477b9862fdd0
    • SHA1: 48ff7d04054dc85c29a103b53bbe60cb04f48418
    • SHA256: 6d58d411c57b139a09a7ba8909529d5c5caf8d678066ffef0d19b889529e4b39
    • SHA512: 498d8c5ed42ac24aeeffef94081098eccb1245e14a1b3e22414fa867fad89457906c45e0cc63c3f4a34c18817f156fa2703a4ed456c05182f6932fa3b1f2bb14
    • SSDEEP: 384:HEEoLO56ayzcMj+/4y8qYj1jewPbcY5+INel1nfTJYQ:kE8O56lcV/4yrwPbcU+INenfTSQ
    • MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
    • Metasploit family
    • Command and Scripting Interpreter: PowerShell: Run PowerShell and hide display window.

MITRE ATT&CK Enterprise v15

Tasks