General
- Target: 8c5d071dfff8c5ce27afc37e287a64ac273ac70d7bc556efd368616c6cc6386b
- Size: 1.9MB
- Sample: 201113-q9e1esscqs
- MD5: fc0bc692d4d678a8df9d7f7cde8b9293
- SHA1: ef9477be4488dbd52e165c4c1936b454647e23d2
- SHA256: 8c5d071dfff8c5ce27afc37e287a64ac273ac70d7bc556efd368616c6cc6386b
- SHA512: 39a1bf1d9a7b58ba22177cd72547af7af56cd1068dda6fa591106ed8f222eb593bfe8ba63570017439bbea4e7db1dd2138da9992268d500e6c6950e39c89e7e4
Static task: static1
Behavioral task: behavioral1
- Sample: 8c5d071dfff8c5ce27afc37e287a64ac273ac70d7bc556efd368616c6cc6386b.exe
- Resource: win7v20201028
Behavioral task: behavioral2
- Sample: 8c5d071dfff8c5ce27afc37e287a64ac273ac70d7bc556efd368616c6cc6386b.exe
- Resource: win10v20201028
Malware Config
Extracted
- Protocol: ftp
- Host: 31.44.184.108
- Port: 21
- Username: alex
- Password: easypassword
Extracted
- metasploit
- windows/download_exec
- http://31.44.184.48:80/tv99
- headers User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; InfoPath.2)
Targets
- Target: 8c5d071dfff8c5ce27afc37e287a64ac273ac70d7bc556efd368616c6cc6386b
- Score: 10/10
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Modifies visibility of hidden/system files in Explorer
- Blocks application from running via registry modification: Adds application to list of disallowed applications.
- Executes dropped EXE
- Stops running service(s)
- Loads dropped DLL
- Adds Run key to start application
- JavaScript code in executable
- Legitimate hosting services abused for malware hosting/C2
- Modifies WinLogon
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v6)
Persistence
- Modify Existing Service (2)
- Hidden Files and Directories (1)
- Registry Run Keys / Startup Folder (1)
- Winlogon Helper DLL (1)