Overview

overview

10

Static

static

8

502d52f046...0e.doc

windows7-x64

10

502d52f046...0e.doc

windows10-2004-x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    502d52f0467cec572952fb7910085831bc4389bbfc20efac172974d53d68b90e

  • Size

    35KB

  • Sample

    240628-1kmw8swcjj

  • MD5

    b19a3cdfcac38edc090d9f3fa58376f7

  • SHA1

    1cacde908adb23121ed819f67f7b50f39338e3e5

  • SHA256

    502d52f0467cec572952fb7910085831bc4389bbfc20efac172974d53d68b90e

  • SHA512

    7dace34e74f8378c0a4850270f5848f76b06b89e90670902d7f1d7d117e6dd5c80660a7d12c17e0712d3ae3d7b59feb2305a1520ebdc2c51f0565e8849dd635b

  • SSDEEP

    384:/eSOBiSsqdg1vA9WgMzyBZmy7Co3MA0jD+petJ/:/eSOr+1o9szyBZF33BS+p

Score
10/10
metasploitbackdoormacromacro_on_actiontrojan

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_http

C2

http://192.168.45.200:443/2kUiQG9O7eD1N_Q2k0lR-AtQbMVa_3Zr57FdKvxOYNK5Rqu0bJ83GE-kqCNNr3t63PHcw0D_tl4EuaYcqaButOTtC0ioHb9hy9fmn62HmWypPIyPjo9csBJkk1Ra-D5OKgOSSuE1YStApTwHpY3j6U

Targets

    • Target

      502d52f0467cec572952fb7910085831bc4389bbfc20efac172974d53d68b90e

    • Size

      35KB

    • MD5

      b19a3cdfcac38edc090d9f3fa58376f7

    • SHA1

      1cacde908adb23121ed819f67f7b50f39338e3e5

    • SHA256

      502d52f0467cec572952fb7910085831bc4389bbfc20efac172974d53d68b90e

    • SHA512

      7dace34e74f8378c0a4850270f5848f76b06b89e90670902d7f1d7d117e6dd5c80660a7d12c17e0712d3ae3d7b59feb2305a1520ebdc2c51f0565e8849dd635b

    • SSDEEP

      384:/eSOBiSsqdg1vA9WgMzyBZmy7Co3MA0jD+petJ/:/eSOr+1o9szyBZF33BS+p

    Score
    10/10
    metasploitbackdoortrojan

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

      trojanbackdoormetasploit

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks