metasploit | 22681cb9ebd4067b16e84c6403fd1341f380a9beb8c97aa950ea9f098500e5b0 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

22681cb9eb...0.docm

windows7-x64

22681cb9eb...0.docm

windows10-2004-x64

7

Sharing

General

Target

22681cb9ebd4067b16e84c6403fd1341f380a9beb8c97aa950ea9f098500e5b0
Size

83KB
Sample

250120-1htxrs1jes
MD5

b1fe2e12e641e07bdf83cf4e6a54bd06
SHA1

60469df7194a9328e49b9dc5efb88ec8c4d5c239
SHA256

22681cb9ebd4067b16e84c6403fd1341f380a9beb8c97aa950ea9f098500e5b0
SHA512

044fc15ab36b5e43d772fb81cbada2da4cd8ab676c52f9119ce6503c2317271d8ade015b8009553d1c3943bf6d406aac17802dbcbb456274808cecf3899fc0dd
SSDEEP

1536:Ky+WqQuctgd/mM4Im4QWcpYT180/oiu+7FwjgrBqpbCV2Fj6J+VMVxANinOXClh:z+X8YHvmPWcfYoiu+7yscl7g0NuOCv

Score

10^/10

metasploit backdoor discovery trojan

Static task

static1

Behavioral task

behavioral1

Sample

22681cb9ebd4067b16e84c6403fd1341f380a9beb8c97aa950ea9f098500e5b0.docm

Resource

win7-20241023-en

metasploit backdoor discovery trojan

windows7-x64

11 signatures

60 seconds

Behavioral task

behavioral2

Sample

22681cb9ebd4067b16e84c6403fd1341f380a9beb8c97aa950ea9f098500e5b0.docm

Resource

win10v2004-20241007-en

windows10-2004-x64

7 signatures

60 seconds

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

C2

192.168.10.176:8888

Targets

- Target
  
  22681cb9ebd4067b16e84c6403fd1341f380a9beb8c97aa950ea9f098500e5b0
- Size
  
  83KB
- MD5
  
  b1fe2e12e641e07bdf83cf4e6a54bd06
- SHA1
  
  60469df7194a9328e49b9dc5efb88ec8c4d5c239
- SHA256
  
  22681cb9ebd4067b16e84c6403fd1341f380a9beb8c97aa950ea9f098500e5b0
- SHA512
  
  044fc15ab36b5e43d772fb81cbada2da4cd8ab676c52f9119ce6503c2317271d8ade015b8009553d1c3943bf6d406aac17802dbcbb456274808cecf3899fc0dd
- SSDEEP
  
  1536:Ky+WqQuctgd/mM4Im4QWcpYT180/oiu+7FwjgrBqpbCV2Fj6J+VMVxANinOXClh:z+X8YHvmPWcfYoiu+7yscl7g0NuOCv
Score

10^/10

metasploit backdoor discovery trojan
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Metasploit family
  metasploit
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metasploitbackdoordiscoverytrojan

behavioral2

© 2018-2025

Terms | Privacy