General
-
Target
f0c37f1d0fd2327c9dc4d60732b0883f3cae4b48115939723a9f894b3e9aa0ca
-
Size
1.9MB
-
Sample
201108-qashbnabks
-
MD5
449fdd7efd9d93a0ade55e13d5bd93da
-
SHA1
1b1bc5942cdde5880e23e4b01c4f78215fda2656
-
SHA256
f0c37f1d0fd2327c9dc4d60732b0883f3cae4b48115939723a9f894b3e9aa0ca
-
SHA512
7c7bcf69669cf9ac4f6228a6de1094bf988fa1ef6e7cbe32f158b6c8aae76ca294c29fabbe29b4b59c937d0d152d70fab807f4d6a77b294937a2c0c1428ce965
Static task
static1
Behavioral task
behavioral1
Sample
f0c37f1d0fd2327c9dc4d60732b0883f3cae4b48115939723a9f894b3e9aa0ca.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
f0c37f1d0fd2327c9dc4d60732b0883f3cae4b48115939723a9f894b3e9aa0ca.exe
Resource
win10v20201028
Malware Config
Extracted
Protocol: ftp
Host: 31.44.184.108
Port: 21
Username: alex
Password: easypassword
Extracted
Metasploit
Payload: windows/download_exec
URL: http://31.44.184.48:80/tv99
Headers: User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; InfoPath.2)
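The extracted configuration yields three network indicators: the FTP server 31.44.184.108 on port 21 (reached with the hard-coded alex/easypassword credential), the download_exec staging URL http://31.44.184.48:80/tv99, and the User-Agent the stager sends. The Python below is an added example, not part of the sandbox report, that matches those indicators against proxy and firewall logs. The log lines and their two line formats are constructed for the demo and are not from the sandbox run. One caveat worth building in: this User-Agent is a stock Metasploit string rather than something unique to this sample, so a UA match with no host or URL match is treated as a weak hit.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional
from urllib.parse import urlsplit

# Indicators copied from the extracted configuration above.
FTP_HOST, FTP_PORT = "31.44.184.108", 21
DOWNLOAD_EXEC_URL = "http://31.44.184.48:80/tv99"
METASPLOIT_UA = ("Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; "
                 "Trident/4.0; GTB7.4; InfoPath.2)")

_dl = urlsplit(DOWNLOAD_EXEC_URL)
C2_HOSTS = {FTP_HOST, _dl.hostname}
DOWNLOAD_TARGET = (_dl.hostname, _dl.path)   # compare host+path, ignore the explicit :80

# Constructed log lines for the demo (not from the sandbox run).
# Proxy format: "<ts> <src> <method> <url> <status> "<user-agent>""
PROXY_LOG = [
    '2020-11-08T12:00:01Z 10.0.0.5 GET http://example.com/ 200 "Mozilla/5.0 (Windows NT 10.0) Chrome/86.0"',
    '2020-11-08T12:00:07Z 10.0.0.5 GET http://31.44.184.48/tv99 200 "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; InfoPath.2)"',
    '2020-11-08T12:03:40Z 10.0.0.9 GET http://intranet.local/ 200 "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; InfoPath.2)"',
]
# Firewall format: "<ts> <action> <proto> <src>:<sport> -> <dst>:<dport>"
FIREWALL_LOG = [
    "2020-11-08T12:00:12Z ALLOW TCP 10.0.0.5:49152 -> 31.44.184.108:21",
    "2020-11-08T12:00:13Z ALLOW TCP 10.0.0.7:49200 -> 93.184.216.34:443",
]

_PROXY_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) (\d+) "(.*)"$')
_FW_RE = re.compile(r"^(\S+) (\w+) (\w+) (\S+):\d+ -> (\S+):(\d+)$")


@dataclass
class Hit:
    timestamp: str
    source: str
    indicators: List[str] = field(default_factory=list)

    @property
    def strong(self) -> bool:
        """A User-Agent match on its own is weak; anything tied to the C2 hosts is strong."""
        return any(i != "metasploit-user-agent" for i in self.indicators)


def scan_proxy_line(line: str) -> Optional[Hit]:
    """Flag requests to the C2 hosts, the exact download_exec URL, or with the stager UA."""
    m = _PROXY_RE.match(line)
    if not m:
        return None
    ts, src, _method, url, _status, ua = m.groups()
    parts = urlsplit(url)
    indicators = []
    if parts.hostname in C2_HOSTS:
        indicators.append("c2-host")
    if (parts.hostname, parts.path) == DOWNLOAD_TARGET:
        indicators.append("download_exec-url")
    if ua == METASPLOIT_UA:
        indicators.append("metasploit-user-agent")
    return Hit(ts, src, indicators) if indicators else None


def scan_firewall_line(line: str) -> Optional[Hit]:
    """Flag connections to the C2 hosts; a TCP/21 connection to the FTP host is the exfil channel."""
    m = _FW_RE.match(line)
    if not m:
        return None
    ts, _action, proto, src, dst, dport = m.groups()
    indicators = []
    if dst in C2_HOSTS:
        indicators.append("c2-host")
        if proto == "TCP" and dst == FTP_HOST and int(dport) == FTP_PORT:
            indicators.append("ftp-c2-channel")
    return Hit(ts, src, indicators) if indicators else None


def scan_logs(proxy_lines: List[str], firewall_lines: List[str]) -> List[Hit]:
    """Run both scanners and return hits ordered by timestamp."""
    hits = [h for h in map(scan_proxy_line, proxy_lines) if h]
    hits += [h for h in map(scan_firewall_line, firewall_lines) if h]
    return sorted(hits, key=lambda h: h.timestamp)


if __name__ == "__main__":
    for hit in scan_logs(PROXY_LOG, FIREWALL_LOG):
        level = "STRONG" if hit.strong else "weak"
        print(f"{hit.timestamp} {hit.source} {level}: {', '.join(hit.indicators)}")
```

Run against the constructed lines this reports the staging download from 10.0.0.5 and its follow-on FTP connection as strong hits, and the 10.0.0.9 request that only shares the User-Agent as a weak one to be confirmed by other evidence.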
Targets
-
Target
f0c37f1d0fd2327c9dc4d60732b0883f3cae4b48115939723a9f894b3e9aa0ca
-
Size
1.9MB
-
MD5
449fdd7efd9d93a0ade55e13d5bd93da
-
SHA1
1b1bc5942cdde5880e23e4b01c4f78215fda2656
-
SHA256
f0c37f1d0fd2327c9dc4d60732b0883f3cae4b48115939723a9f894b3e9aa0ca
-
SHA512
7c7bcf69669cf9ac4f6228a6de1094bf988fa1ef6e7cbe32f158b6c8aae76ca294c29fabbe29b4b59c937d0d152d70fab807f4d6a77b294937a2c0c1428ce965
Score: 10/10
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Modifies visibility of hidden/system files in Explorer
-
Blocks application from running via registry modification
Adds application to list of disallowed applications.
-
Executes dropped EXE
-
Stops running service(s)
-
Loads dropped DLL
-
Adds Run key to start application
-
JavaScript code in executable
-
Legitimate hosting services abused for malware hosting/C2
-
Modifies WinLogon
-
Suspicious use of SetThreadContext
-
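Four of the behaviours in this list are registry writes: a Run key autostart, a Winlogon modification, a DisallowRun policy that blocks named programs, and a change to Explorer's hidden/system file visibility. The Python below is an added example, not part of the sandbox report, that triages those locations from a registry export. The report does not record the actual values the sample wrote, so the .reg text embedded here is a constructed snapshot with a hypothetical dropped path (C:\ProgramData\svc.exe) and hypothetical blocked programs; the key and value names are the standard Windows locations for each behaviour.

```python
import re
from typing import Dict, List

RegistryExport = Dict[str, Dict[str, object]]

RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
WINLOGON_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
ADVANCED_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
POLICY_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
DISALLOW_KEY = POLICY_KEY + r"\DisallowRun"

# Constructed registry export: hypothetical values, not the sample's real writes.
SAMPLE_REG_EXPORT = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"updater"="C:\\ProgramData\\svc.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\ProgramData\\svc.exe"
"Shell"="explorer.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000002
"ShowSuperHidden"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"DisallowRun"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]
"1"="msconfig.exe"
"2"="regedit.exe"
"""

_VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')


def parse_reg_export(text: str) -> RegistryExport:
    """Parse the .reg subset used here: [key] headers, "name"="string" and "name"=dword:hex."""
    export: RegistryExport = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            export.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if not m or current is None:
            continue
        name, value = m.group(1), m.group(2)
        if value.startswith("dword:"):
            export[current][name] = int(value[len("dword:"):], 16)
        elif value.startswith('"') and value.endswith('"'):
            export[current][name] = value[1:-1].replace("\\\\", "\\")  # .reg escapes backslashes
    return export


def _values(export: RegistryExport, key: str) -> Dict[str, object]:
    """Case-insensitive key lookup; value names are returned lowercased."""
    for k, vals in export.items():
        if k.lower() == key.lower():
            return {n.lower(): v for n, v in vals.items()}
    return {}


def check_persistence_and_evasion(export: RegistryExport) -> List[str]:
    """Return one finding per behaviour in the signature list that the export shows."""
    findings: List[str] = []
    for name, target in _values(export, RUN_KEY).items():
        findings.append(f"Run key autostart: {name} -> {target}")
    winlogon = _values(export, WINLOGON_KEY)
    # Default Userinit is "<system32>\userinit.exe," (trailing comma); anything appended is a helper.
    userinit = [p for p in str(winlogon.get("userinit", "")).split(",") if p]
    if userinit and not (len(userinit) == 1 and userinit[0].lower().endswith("\\userinit.exe")):
        findings.append("Winlogon Userinit modified: " + str(winlogon["userinit"]))
    shell = str(winlogon.get("shell", "explorer.exe"))
    if shell.lower() != "explorer.exe":
        findings.append("Winlogon Shell modified: " + shell)
    adv = _values(export, ADVANCED_KEY)
    # Hidden=2 hides hidden files; ShowSuperHidden=0 hides protected OS files.
    if adv.get("hidden") == 2 or adv.get("showsuperhidden") == 0:
        findings.append(f"Explorer hides hidden/system files (Hidden={adv.get('hidden')}, "
                        f"ShowSuperHidden={adv.get('showsuperhidden')})")
    if _values(export, POLICY_KEY).get("disallowrun") == 1:
        blocked = [str(v) for _, v in sorted(_values(export, DISALLOW_KEY).items())]
        findings.append("DisallowRun policy active, blocked: " + ", ".join(blocked))
    return findings


if __name__ == "__main__":
    for finding in check_persistence_and_evasion(parse_reg_export(SAMPLE_REG_EXPORT)):
        print(finding)
```

On a live host the same checks apply to `reg export` output of those keys; the Winlogon check deliberately compares against the default rather than a fixed string so a relocated system directory does not produce a false finding.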
MITRE ATT&CK Matrix (ATT&CK v6)
Persistence (technique: number of matching signatures)
Modify Existing Service: 2
Hidden Files and Directories: 1
Registry Run Keys / Startup Folder: 1
Winlogon Helper DLL: 1