General

Target: c5c79384782b348a9cdaf060369f6be2d8fe568c81ed15451b89b27fd8f979d1
Size: 1.9MB
Sample: 201109-a19r5r7j6s
MD5: 8f935abf01f02158749c280f8f3b7ce0
SHA1: df92120622946287099f8dfa2525b3facd0e266d
SHA256: c5c79384782b348a9cdaf060369f6be2d8fe568c81ed15451b89b27fd8f979d1
SHA512: 9a25ff40a655055b203ba3f4fea543ad6785049d848094b9c9ee050aa6ff49a913506bc8c46db3c5beef2ac775e4a068cfb6972b5a90f40413eca44d6eb0bd5d
Static task: static1

Behavioral task: behavioral1
Sample: c5c79384782b348a9cdaf060369f6be2d8fe568c81ed15451b89b27fd8f979d1.exe
Resource: win7v20201028

Behavioral task: behavioral2
Sample: c5c79384782b348a9cdaf060369f6be2d8fe568c81ed15451b89b27fd8f979d1.exe
Resource: win10v20201028
Malware Config

Extracted
Protocol: ftp
Host: 31.44.184.108
Port: 21
Username: alex
Password: easypassword

Extracted
metasploit
windows/download_exec
http://31.44.184.48:80/tv99
Headers: User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; InfoPath.2)
Targets
Score: 10/10
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Modifies visibility of hidden/system files in Explorer
- Blocks application from running via registry modification
  Adds application to list of disallowed applications.
- Executes dropped EXE
- Stops running service(s)
- Loads dropped DLL
- Adds Run key to start application
- JavaScript code in executable
- Legitimate hosting services abused for malware hosting/C2
- Modifies WinLogon
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v6)

Persistence
- Modify Existing Service: 2
- Hidden Files and Directories: 1
- Registry Run Keys / Startup Folder: 1
- Winlogon Helper DLL: 1