General
Target: ce9af7ff6c297c44e8817eab39f6cfc3bafbc575adc21d2a2e7487b74e43f9f3
Size: 1.9MB
Sample: 201106-t3s3a85q86
MD5: f6d0b41dc86d3796e151f8dba631a5a7
SHA1: 9ad8a54f209a92d3f97e13bfff435cf2c69dced9
SHA256: ce9af7ff6c297c44e8817eab39f6cfc3bafbc575adc21d2a2e7487b74e43f9f3
SHA512: b1f2781058d06a845d47836fe5826dff7ee81c8e7511ff8f3e7455dd2257c02edd8b56737afc1ec8c10d46671c87b992520b9a28669689395142d65ea44c94e9
Static task: static1
Behavioral task: behavioral1
  Sample: ce9af7ff6c297c44e8817eab39f6cfc3bafbc575adc21d2a2e7487b74e43f9f3.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: ce9af7ff6c297c44e8817eab39f6cfc3bafbc575adc21d2a2e7487b74e43f9f3.exe
  Resource: win10v20201028
Malware Config
Extracted
  Protocol: ftp
  Host: 31.44.184.108
  Port: 21
  Username: alex
  Password: easypassword
Extracted
  metasploit
  windows/download_exec
  http://31.44.184.48:80/tv99
  headers: User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; InfoPath.2)
Targets
Target: ce9af7ff6c297c44e8817eab39f6cfc3bafbc575adc21d2a2e7487b74e43f9f3
Score: 10/10
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Modifies visibility of hidden/system files in Explorer
- Blocks application from running via registry modification: Adds application to list of disallowed applications.
- Executes dropped EXE
- Stops running service(s)
- Loads dropped DLL
- Adds Run key to start application
- JavaScript code in executable
- Legitimate hosting services abused for malware hosting/C2
- Modifies WinLogon
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v6)
Persistence
  Modify Existing Service: 2
  Hidden Files and Directories: 1
  Registry Run Keys / Startup Folder: 1
  Winlogon Helper DLL: 1