Overview

overview

10

Static

static

1

Doc.ps1

windows10-2004-x64

10

Doc.ps1

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Doc.ps1

  • Size

    11KB

  • Sample

    241226-yrmhyaxpen

  • MD5

    1b79c76903d0db77c6b8056afe67d8e3

  • SHA1

    39baffb17f693bd08cac69c80c8766058bbc2236

  • SHA256

    a0e25f0023b56e2ba4fdb12892fa55fa91f328b548b66a8f14d0e4e105957bf2

  • SHA512

    8754f398c64af28ecf050391a5265b34be4c51f84446c2d8eb601622b77cefcf6ab9162974318083ea07235a1c2b3a575263a32fc46d5c1b181268fb41b3be12

  • SSDEEP

    192:f20Cz1PRfs/FcQGGoYUPthzzP0dL1fyAZLlew8VxYvYLAF42xZaF9F6hdA:fw1QF2GoYUPthf0Pew8VxoDlxZjhdA

Score
10/10
metasploitbackdoorexecutiontrojan

Malware Config

Extracted

Family

metasploit

Version

metasploit_stager

C2

87.98.149.2:9944

Targets

    • Target

      Doc.ps1

    • Size

      11KB

    • MD5

      1b79c76903d0db77c6b8056afe67d8e3

    • SHA1

      39baffb17f693bd08cac69c80c8766058bbc2236

    • SHA256

      a0e25f0023b56e2ba4fdb12892fa55fa91f328b548b66a8f14d0e4e105957bf2

    • SHA512

      8754f398c64af28ecf050391a5265b34be4c51f84446c2d8eb601622b77cefcf6ab9162974318083ea07235a1c2b3a575263a32fc46d5c1b181268fb41b3be12

    • SSDEEP

      192:f20Cz1PRfs/FcQGGoYUPthzzP0dL1fyAZLlew8VxYvYLAF42xZaF9F6hdA:fw1QF2GoYUPthf0Pew8VxoDlxZjhdA

    Score
    10/10
    metasploitbackdoorexecutiontrojan

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

      trojanbackdoormetasploit

    • Metasploit family

      metasploit

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks