metasploit | 635b01bda7f9753ba72dfa5efed266f10addb19273eb2bcaf8d8cfd3c06d1fa9 | Triage

Submit
Reports

Overview

overview

Static

static

8

635b01bda7...a9.doc

windows7-x64

635b01bda7...a9.doc

windows10-2004-x64

Sharing

General

Target

635b01bda7f9753ba72dfa5efed266f10addb19273eb2bcaf8d8cfd3c06d1fa9
Size

42KB
Sample

241229-16newsylfn
MD5

c3e4d0f03ce34c94986741ae9cdf6104
SHA1

38b95eb3bec13067f3b39d5daa048b68c1c25fbb
SHA256

635b01bda7f9753ba72dfa5efed266f10addb19273eb2bcaf8d8cfd3c06d1fa9
SHA512

cca4289314d939272acad2249a8e6824eb490c662c41ccc0059b054d69dfeeefd5c4b400a66f69eec2660927abb9cc815793d84b45dea6c8426b61756f36dcda
SSDEEP

384:vIiSgq03gRhQ6+pek/iXppK6mLt56hrTd2ukyzQ/+DQSInrPS50jxSiKEotK:vG03gF+pekqZpi56h3W+bSSyjV

Score

10^/10

metasploit backdoor discovery macro macro_on_action trojan

Static task

static1

macro macro_on_action

1 signatures

Behavioral task

behavioral1

Sample

635b01bda7f9753ba72dfa5efed266f10addb19273eb2bcaf8d8cfd3c06d1fa9.doc

Resource

win7-20241010-en

metasploit backdoor discovery trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

635b01bda7f9753ba72dfa5efed266f10addb19273eb2bcaf8d8cfd3c06d1fa9.doc

Resource

win10v2004-20241007-en

metasploit backdoor discovery trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://192.168.201.152:80/7ZSx

Attributes

headers User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)

Targets

- Target
  
  635b01bda7f9753ba72dfa5efed266f10addb19273eb2bcaf8d8cfd3c06d1fa9
- Size
  
  42KB
- MD5
  
  c3e4d0f03ce34c94986741ae9cdf6104
- SHA1
  
  38b95eb3bec13067f3b39d5daa048b68c1c25fbb
- SHA256
  
  635b01bda7f9753ba72dfa5efed266f10addb19273eb2bcaf8d8cfd3c06d1fa9
- SHA512
  
  cca4289314d939272acad2249a8e6824eb490c662c41ccc0059b054d69dfeeefd5c4b400a66f69eec2660927abb9cc815793d84b45dea6c8426b61756f36dcda
- SSDEEP
  
  384:vIiSgq03gRhQ6+pek/iXppK6mLt56hrTd2ukyzQ/+DQSInrPS50jxSiKEotK:vG03gF+pekqZpi56h3W+bSSyjV
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

macromacro_on_action

behavioral1

metasploitbackdoordiscoverytrojan

behavioral2

metasploitbackdoordiscoverytrojan

© 2018-2025

Terms | Privacy