General

  • Target

    https://evropa2.club/

  • Sample

    201111-4parwfx7fs

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

http://rawcdn.githack.cyou/up.php?key=5

Extracted

Language
ps1
Source
URLs
exe.dropper

http://rawcdn.githack.cyou/up.php?key=6

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/single_exec

Targets

    • Target

      https://evropa2.club/

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Blacklisted process makes network request

    • Loads dropped DLL

    • Modifies file permissions

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • Modifies service

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Modify Existing Service

1
T1031

Defense Evasion

File Permissions Modification

1
T1222

Modify Registry

2
T1112

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Tasks