metasploit | b52c47e114f8e8523dfb634146a4bf8bb54d639d3e733d7b3afe7cfb623208cc | Triage

Submit
Reports

Overview

overview

Static

static

2024-12-12...er.exe

windows7-x64

2024-12-12...er.exe

windows10-2004-x64

Sharing

General

Target

2024-12-12_0178d22ec86dd92c1cd8e0ba2ac223e5_avoslocker_hijackloader_luca-stealer_magniber
Size

22.7MB
Sample

241212-cgqa7a1ldr
MD5

0178d22ec86dd92c1cd8e0ba2ac223e5
SHA1

30025465a07d50a21b8dda66b4591f545c35989d
SHA256

b52c47e114f8e8523dfb634146a4bf8bb54d639d3e733d7b3afe7cfb623208cc
SHA512

0c2075ac382e3c31eaac831e6225bc5cf96e4971d0779e636215fce16b2acecd6d6fb7722877e2139190331e6c4443c92a16bf51816748a6a1e322263dd9c9bf
SSDEEP

196608:49uXVejN2DaVCjRgo5wwDScTLKdJ4R2zJXTO0yVejN2DaVCjRgo5wwDScTLKdJ4I:49pWH5/+dBJXTzrWH5/+dBJXTz

Score

10^/10

metasploit backdoor discovery trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

2024-12-12_0178d22ec86dd92c1cd8e0ba2ac223e5_avoslocker_hijackloader_luca-stealer_magniber.exe

Resource

win7-20241023-en

metasploit backdoor discovery trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-12-12_0178d22ec86dd92c1cd8e0ba2ac223e5_avoslocker_hijackloader_luca-stealer_magniber.exe

Resource

win10v2004-20241007-en

metasploit backdoor discovery trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

192.168.1.26:443

Targets

- Target
  
  2024-12-12_0178d22ec86dd92c1cd8e0ba2ac223e5_avoslocker_hijackloader_luca-stealer_magniber
- Size
  
  22.7MB
- MD5
  
  0178d22ec86dd92c1cd8e0ba2ac223e5
- SHA1
  
  30025465a07d50a21b8dda66b4591f545c35989d
- SHA256
  
  b52c47e114f8e8523dfb634146a4bf8bb54d639d3e733d7b3afe7cfb623208cc
- SHA512
  
  0c2075ac382e3c31eaac831e6225bc5cf96e4971d0779e636215fce16b2acecd6d6fb7722877e2139190331e6c4443c92a16bf51816748a6a1e322263dd9c9bf
- SSDEEP
  
  196608:49uXVejN2DaVCjRgo5wwDScTLKdJ4R2zJXTO0yVejN2DaVCjRgo5wwDScTLKdJ4I:49pWH5/+dBJXTzrWH5/+dBJXTz
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Loads dropped DLL
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoverytrojan

behavioral2

metasploitbackdoordiscoverytrojan

© 2018-2025

Terms | Privacy